Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2015-9251
Vulnerability from cvelistv5
Published
2018-01-18 23:00
Modified
2024-08-06 08:43
Severity ?
EPSS score ?
Summary
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:43:41.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105658"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2020:0481",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"name": "RHSA-2020:0729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"name": "openSUSE-SU-2020:0395",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T11:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105658"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2020:0481",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"name": "RHSA-2020:0729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"name": "openSUSE-SU-2020:0395",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105658"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2020:0481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"name": "RHSA-2020:0729",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"name": "openSUSE-SU-2020:0395",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://github.com/jquery/jquery/issues/2432",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
"refsource": "MISC",
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
},
{
"name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"name": "https://snyk.io/vuln/npm:jquery:20150627",
"refsource": "MISC",
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"name": "https://github.com/jquery/jquery/pull/2588",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
},
{
"name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.tenable.com/security/tns-2019-08",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9251",
"datePublished": "2018-01-18T23:00:00",
"dateReserved": "2018-01-18T00:00:00",
"dateUpdated": "2024-08-06T08:43:41.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.0.0\", \"matchCriteriaId\": \"9CD7C3A9-7A77-4553-9893-D16D9FDC84AB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A079FD6E-3BB0-4997-9A8E-6F8FEC89887A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"900D2344-5160-42A0-8C49-36DBC7FF3D87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3DF1971-3FD9-4954-AF2D-DDA0B24B89CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8972497F-6E24-45A9-9A18-EB0E842CB1D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"400509A8-D6F2-432C-A2F1-AD5B8778D0D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"132CE62A-FBFC-4001-81EC-35D81F73AF48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"013043A2-0765-4AF5-ABFC-6A8960FFBFD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B887E174-57AB-449D-AEE4-82DD1A3E5C84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E869C417-C0E6-4FC3-B406-45598A1D1906\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.0.0.1\", \"matchCriteriaId\": \"EC361999-AAD8-4CB3-B00E-E3990C3529B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C510CE66-DD71-45C8-B678-9BD81EC7FFBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF0A211C-7C3D-46AE-B525-890A9194C422\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1AD7C68-81DF-4332-AEB3-B368E0221F52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.1.0.4.0\", \"matchCriteriaId\": \"97C1FA4C-5163-420C-A01A-EA36F1039BBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.2\", \"matchCriteriaId\": \"77120A3C-9A48-45FC-A620-5072AF325ACF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BED45FB9-410F-4FC6-ACEB-49476F1C50BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D03A8C9-35A5-4B75-9711-7A4A60457307\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE12B6A4-E128-41EC-8017-558F50B961BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"835BFCBC-848C-4A2C-BDE7-3D94CEC3F5D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A1B7A35-B332-476E-A676-C2CD4D72FA50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.3.3\", \"versionEndIncluding\": \"7.3.5\", \"matchCriteriaId\": \"B5BC32AA-78BE-468B-B92A-5A0FFFA970FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"47E1F95E-A3A5-4996-B951-0F946CB11210\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"703DA91D-3440-4C67-AA20-78F71B1376DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.5\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"73E05211-8415-42FB-9B93-959EB03B090B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"AC15899F-8528-4D10-8CD5-F67121D7F293\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"30657F1B-D1FC-4EE6-9854-18993294A01D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.2\", \"versionEndIncluding\": \"8.0.6\", \"matchCriteriaId\": \"E376C9FB-1870-4B4E-8D69-02A70C0A041C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.2\", \"versionEndIncluding\": \"8.0.7\", \"matchCriteriaId\": \"DB6C521C-F104-4E26-82F2-6F63F94108BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"402B8642-7ACC-4F42-87A9-AB4D3B581751\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF6D5112-4055-4F89-A5B3-0DCB109481B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.4\", \"versionEndIncluding\": \"8.0.6\", \"matchCriteriaId\": \"EC3830C0-2B9F-41BD-94C9-E3718467A1AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D027285-07C1-4B3A-AB54-4426C16E236A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3831F35C-DED2-4E40-AA94-1512E106BFF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06E586B3-3434-4B08-8BE3-16C528642CA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C36C520-B5F5-45F1-B55F-62859CDA012E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EAAFF95-000C-4D78-98FF-9EDE9D966A65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5ACB1D2-69CE-4B7D-9B51-D8F80E541631\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03C46CCD-B49F-405A-A0A0-E0DFBA60F0D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A3DC116-2844-47A1-BEC2-D0675DD97148\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AC63D10-2326-4542-B345-31D45B9A7408\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCBF2756-B831-4E6E-A15B-2A11DD48DB7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D76453B-95AF-4AC4-8096-7D117F69B45B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDE3671B-EB36-490A-BA70-575FCA332B94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E03A631E-253A-4C56-9986-97F86C323482\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7506589-9B3B-49BA-B826-774BFDCC45B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"042C243F-EDFE-4A04-AB0B-26E73CC34837\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"228DA523-4D6D-48C5-BDB0-DB1A60F23F8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A81D092-FC04-4B7D-83FB-58D402B5EF9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E1E416B-920B-49A0-9523-382898C2979D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CBFA960-D242-43ED-8D4C-A60F01B70740\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0513B305-97EF-4609-A82E-D0CDFF9925BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.1\", \"versionEndIncluding\": \"17.12\", \"matchCriteriaId\": \"B8249A74-C34A-4F66-8F11-F7F50F8813BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"202AD518-2E9B-4062-B063-9858AE1F9CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A108B4EF-768F-4118-86B5-C0D9CDDE6A6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"686D4323-4B05-4B92-B598-594A31F937C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD4AB77A-E829-4603-AF6A-97B9CD0D687F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DE15D64-6F49-4F43-8079-0C7827384C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"788F2530-F011-4489-8029-B3468BAF7787\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68B5147A-F6A3-499E-815D-6DAABDA33B03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26C5CF80-8CFF-44D9-B3ED-C259847E9C46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"569644AC-69AD-412D-B399-4052D4DB2928\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70BEF219-45EC-4A53-A815-42FBE20FC300\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EA2023A-1AD6-41FE-A214-9D1F6021D6B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FFFBA49-F340-4A3D-BE8C-73213A669855\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B491FB70-B6FC-4063-BE00-CAD664B39055\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3.0.1\", \"versionEndIncluding\": \"4.3.0.4\", \"matchCriteriaId\": \"70E13C38-9FC3-46BD-B9A4-1033C98C19D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE1E1CA5-D443-4C5D-8F43-550106FFE3DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BB4709C-6373-43CC-918C-876A6569865A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F745235C-55A9-4353-A4CB-4B7834BDD63F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBFF04EF-B1C3-4601-878A-35EA6A15EF0C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\"}, {\"lang\": \"es\", \"value\": \"jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petici\\u00f3n Ajax de dominios cruzados sin la opci\\u00f3n dataType. Esto provoca que se ejecuten respuestas de texto/javascript.\"}]",
"id": "CVE-2015-9251",
"lastModified": "2024-11-21T02:40:09.093",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-01-18T23:29:00.307",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/10\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/11\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/13\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/105658\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0481\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0729\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery/issues/2432\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery/pull/2588\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/18\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210108-0004/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://snyk.io/vuln/npm:jquery:20150627\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.tenable.com/security/tns-2019-08\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/105658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0481\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery/issues/2432\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery/pull/2588\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210108-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://snyk.io/vuln/npm:jquery:20150627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.tenable.com/security/tns-2019-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-9251\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-01-18T23:29:00.307\",\"lastModified\":\"2024-11-21T02:40:09.093\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\"},{\"lang\":\"es\",\"value\":\"jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petici\u00f3n Ajax de dominios cruzados sin la opci\u00f3n dataType. Esto provoca que se ejecuten respuestas de texto/javascript.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0.0\",\"matchCriteriaId\":\"9CD7C3A9-7A77-4553-9893-D16D9FDC84AB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A079FD6E-3BB0-4997-9A8E-6F8FEC89887A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"900D2344-5160-42A0-8C49-36DBC7FF3D87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3DF1971-3FD9-4954-AF2D-DDA0B24B89CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8972497F-6E24-45A9-9A18-EB0E842CB1D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"400509A8-D6F2-432C-A2F1-AD5B8778D0D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132CE62A-FBFC-4001-81EC-35D81F73AF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"013043A2-0765-4AF5-ABFC-6A8960FFBFD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B887E174-57AB-449D-AEE4-82DD1A3E5C84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E869C417-C0E6-4FC3-B406-45598A1D1906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0.0.1\",\"matchCriteriaId\":\"EC361999-AAD8-4CB3-B00E-E3990C3529B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C510CE66-DD71-45C8-B678-9BD81EC7FFBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF0A211C-7C3D-46AE-B525-890A9194C422\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1AD7C68-81DF-4332-AEB3-B368E0221F52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.0.4.0\",\"matchCriteriaId\":\"97C1FA4C-5163-420C-A01A-EA36F1039BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2\",\"matchCriteriaId\":\"77120A3C-9A48-45FC-A620-5072AF325ACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BED45FB9-410F-4FC6-ACEB-49476F1C50BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D03A8C9-35A5-4B75-9711-7A4A60457307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE12B6A4-E128-41EC-8017-558F50B961BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"835BFCBC-848C-4A2C-BDE7-3D94CEC3F5D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A1B7A35-B332-476E-A676-C2CD4D72FA50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3.3\",\"versionEndIncluding\":\"7.3.5\",\"matchCriteriaId\":\"B5BC32AA-78BE-468B-B92A-5A0FFFA970FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"47E1F95E-A3A5-4996-B951-0F946CB11210\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"703DA91D-3440-4C67-AA20-78F71B1376DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.5\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"73E05211-8415-42FB-9B93-959EB03B090B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"AC15899F-8528-4D10-8CD5-F67121D7F293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"30657F1B-D1FC-4EE6-9854-18993294A01D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.2\",\"versionEndIncluding\":\"8.0.6\",\"matchCriteriaId\":\"E376C9FB-1870-4B4E-8D69-02A70C0A041C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.2\",\"versionEndIncluding\":\"8.0.7\",\"matchCriteriaId\":\"DB6C521C-F104-4E26-82F2-6F63F94108BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"402B8642-7ACC-4F42-87A9-AB4D3B581751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF6D5112-4055-4F89-A5B3-0DCB109481B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.4\",\"versionEndIncluding\":\"8.0.6\",\"matchCriteriaId\":\"EC3830C0-2B9F-41BD-94C9-E3718467A1AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D027285-07C1-4B3A-AB54-4426C16E236A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3831F35C-DED2-4E40-AA94-1512E106BFF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06E586B3-3434-4B08-8BE3-16C528642CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C36C520-B5F5-45F1-B55F-62859CDA012E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EAAFF95-000C-4D78-98FF-9EDE9D966A65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5ACB1D2-69CE-4B7D-9B51-D8F80E541631\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03C46CCD-B49F-405A-A0A0-E0DFBA60F0D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A3DC116-2844-47A1-BEC2-D0675DD97148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC63D10-2326-4542-B345-31D45B9A7408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCBF2756-B831-4E6E-A15B-2A11DD48DB7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D76453B-95AF-4AC4-8096-7D117F69B45B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDE3671B-EB36-490A-BA70-575FCA332B94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E03A631E-253A-4C56-9986-97F86C323482\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7506589-9B3B-49BA-B826-774BFDCC45B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"042C243F-EDFE-4A04-AB0B-26E73CC34837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"228DA523-4D6D-48C5-BDB0-DB1A60F23F8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A81D092-FC04-4B7D-83FB-58D402B5EF9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CBFA960-D242-43ED-8D4C-A60F01B70740\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0513B305-97EF-4609-A82E-D0CDFF9925BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"B8249A74-C34A-4F66-8F11-F7F50F8813BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D55A54FD-7DD1-49CD-BE81-0BE73990943C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EB08C0-2D46-4635-88DF-E54F6452D3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A108B4EF-768F-4118-86B5-C0D9CDDE6A6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"686D4323-4B05-4B92-B598-594A31F937C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD4AB77A-E829-4603-AF6A-97B9CD0D687F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DE15D64-6F49-4F43-8079-0C7827384C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"788F2530-F011-4489-8029-B3468BAF7787\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68B5147A-F6A3-499E-815D-6DAABDA33B03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26C5CF80-8CFF-44D9-B3ED-C259847E9C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"569644AC-69AD-412D-B399-4052D4DB2928\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70BEF219-45EC-4A53-A815-42FBE20FC300\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EA2023A-1AD6-41FE-A214-9D1F6021D6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FFFBA49-F340-4A3D-BE8C-73213A669855\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B491FB70-B6FC-4063-BE00-CAD664B39055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0.1\",\"versionEndIncluding\":\"4.3.0.4\",\"matchCriteriaId\":\"70E13C38-9FC3-46BD-B9A4-1033C98C19D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1E1CA5-D443-4C5D-8F43-550106FFE3DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB4709C-6373-43CC-918C-876A6569865A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F745235C-55A9-4353-A4CB-4B7834BDD63F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBFF04EF-B1C3-4601-878A-35EA6A15EF0C\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/10\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/11\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/13\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/105658\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0481\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0729\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/issues/2432\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/pull/2588\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/18\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210108-0004/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://snyk.io/vuln/npm:jquery:20150627\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.tenable.com/security/tns-2019-08\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/105658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0481\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/issues/2432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/pull/2588\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210108-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://snyk.io/vuln/npm:jquery:20150627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2019-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2023:0552
Vulnerability from csaf_redhat
Published
2023-01-31 13:15
Modified
2025-02-14 16:58
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0552",
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-23926",
"url": "https://issues.redhat.com/browse/JBEAP-23926"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0552.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2025-02-14T16:58:44+00:00",
"generator": {
"date": "2025-02-14T16:58:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2023:0552",
"initial_release_date": "2023-01-31T13:15:22+00:00",
"revision_history": [
{
"date": "2023-01-31T13:15:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:15:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-14T16:58:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
RHSA-2020:0481
Vulnerability from csaf_redhat
Published
2020-02-12 15:26
Modified
2024-11-15 03:20
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
Security fix(es):
* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.\n\nSecurity fix(es):\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0481",
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker\u0026downloadType=securityPatches\u0026version=6.3.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker\u0026downloadType=securityPatches\u0026version=6.3.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0481.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-15T03:20:45+00:00",
"generator": {
"date": "2024-11-15T03:20:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:0481",
"initial_release_date": "2020-02-12T15:26:34+00:00",
"revision_history": [
{
"date": "2020-02-12T15:26:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-12T15:26:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T03:20:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 6.3",
"product": {
"name": "Red Hat Fuse 6.3",
"product_id": "Red Hat Fuse 6.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:6.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-12T15:26:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2019-10174",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2018-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1703469"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan\u0027s privileges. The attacker can use reflection to introduce new, malicious behavior into the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight contains the vulnerable library. This library is a requirement of other dependencies (Karaf and Hibernate). Under supported deployments, the vulnerable functionality is not utilized. Based on this, no OpenDaylight versions will not be fixed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10174"
},
{
"category": "external",
"summary": "RHBZ#1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174"
}
],
"release_date": "2019-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-12T15:26:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"category": "workaround",
"details": "There is no known mitigation for this issue.",
"product_ids": [
"Red Hat Fuse 6.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods"
}
]
}
rhsa-2023_0553
Vulnerability from csaf_redhat
Published
2023-01-31 13:12
Modified
2024-12-16 02:20
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
(CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM
manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
(CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
(CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability
(CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute
(CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator
(CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
(CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data
(CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0553",
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-23927",
"url": "https://issues.redhat.com/browse/JBEAP-23927"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0553.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2024-12-16T02:20:24+00:00",
"generator": {
"date": "2024-12-16T02:20:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:0553",
"initial_release_date": "2023-01-31T13:12:13+00:00",
"revision_history": [
{
"date": "2023-01-31T13:12:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:12:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-16T02:20:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
RHSA-2020:4847
Vulnerability from csaf_redhat
Published
2020-11-04 01:39
Modified
2025-02-14 16:58
Summary
Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
Notes
Topic
An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
* pki: Dogtag's python client does not validate certificates (CVE-2020-15720)
* pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)
* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)
* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)
* pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.\n\nSecurity Fix(es):\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* pki: Dogtag\u0027s python client does not validate certificates (CVE-2020-15720)\n\n* pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page (CVE-2019-10146)\n\n* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab (CVE-2019-10179)\n\n* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)\n\n* pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4847",
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1376706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376706"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1406505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406505"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1666907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666907"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1695901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695901"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1706521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706521"
},
{
"category": "external",
"summary": "1710171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710171"
},
{
"category": "external",
"summary": "1721684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1721684"
},
{
"category": "external",
"summary": "1724433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724433"
},
{
"category": "external",
"summary": "1732565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732565"
},
{
"category": "external",
"summary": "1732981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732981"
},
{
"category": "external",
"summary": "1777579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777579"
},
{
"category": "external",
"summary": "1805541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805541"
},
{
"category": "external",
"summary": "1817247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817247"
},
{
"category": "external",
"summary": "1821851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821851"
},
{
"category": "external",
"summary": "1822246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822246"
},
{
"category": "external",
"summary": "1824939",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824939"
},
{
"category": "external",
"summary": "1824948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824948"
},
{
"category": "external",
"summary": "1825998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825998"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1842734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842734"
},
{
"category": "external",
"summary": "1842736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842736"
},
{
"category": "external",
"summary": "1843537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843537"
},
{
"category": "external",
"summary": "1845447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845447"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "1854043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854043"
},
{
"category": "external",
"summary": "1854959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854959"
},
{
"category": "external",
"summary": "1855273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855273"
},
{
"category": "external",
"summary": "1855319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855319"
},
{
"category": "external",
"summary": "1856368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856368"
},
{
"category": "external",
"summary": "1857933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857933"
},
{
"category": "external",
"summary": "1861911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861911"
},
{
"category": "external",
"summary": "1869893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869893"
},
{
"category": "external",
"summary": "1871064",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871064"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"category": "external",
"summary": "1873235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873235"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4847.json"
}
],
"title": "Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-02-14T16:58:36+00:00",
"generator": {
"date": "2025-02-14T16:58:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2020:4847",
"initial_release_date": "2020-11-04T01:39:43+00:00",
"revision_history": [
{
"date": "2020-11-04T01:39:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-04T01:39:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-14T16:58:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-deps:10.6:8030020200527165326:30b713e6",
"product": {
"name": "pki-deps:10.6:8030020200527165326:30b713e6",
"product_id": "pki-deps:10.6:8030020200527165326:30b713e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/pki-deps@10.6:8030020200527165326:30b713e6"
}
}
},
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax-api@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-core@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-runtime@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-txw2@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_id": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_id": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_id": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product": {
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_id": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-json-provider@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_id": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.7.6-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist-javadoc@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_id": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.30-1.module%2Bel8.3.0%2B6730%2B8f9c6254?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_id": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-1.module%2Bel8.3.0%2B6730%2B8f9c6254?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"product_id": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j-jdk14@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-core:10.6:8030020200911215836:5ff1562f",
"product": {
"name": "pki-core:10.6:8030020200911215836:5ff1562f",
"product_id": "pki-core:10.6:8030020200911215836:5ff1562f",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/pki-core@10.6:8030020200911215836:5ff1562f"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_id": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk@4.22.0-1.module%2Bel8.3.0%2B6784%2B6e1e4c62?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product": {
"name": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_id": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk-javadoc@4.22.0-1.module%2Bel8.3.0%2B6784%2B6e1e4c62?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-base@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-base-java@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-ca@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-kra@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-server@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pki@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"product": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"product_id": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcatjss@7.5.0-1.module%2Bel8.3.0%2B7355%2Bc59bcbd9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=src"
}
}
},
{
"category": "product_version",
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"product_id": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"product_id": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_id": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_id": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_id": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"product": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"product_id": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"product_id": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.7.6-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"product": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"product_id": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-1.module%2Bel8.3.0%2B6730%2B8f9c6254?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"product_id": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"product_id": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=src"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"product": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"product_id": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk@4.22.0-1.module%2Bel8.3.0%2B6784%2B6e1e4c62?arch=src"
}
}
},
{
"category": "product_version",
"name": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"product": {
"name": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"product_id": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"product": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"product_id": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcatjss@7.5.0-1.module%2Bel8.3.0%2B7355%2Bc59bcbd9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
"product_reference": "pki-core:10.6:8030020200911215836:5ff1562f",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch"
},
"product_reference": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src"
},
"product_reference": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch"
},
"product_reference": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src"
},
"product_reference": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch"
},
"product_reference": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src"
},
"product_reference": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
"product_reference": "pki-deps:10.6:8030020200527165326:30b713e6",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch"
},
"product_reference": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src"
},
"product_reference": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch"
},
"product_reference": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src"
},
"product_reference": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch"
},
"product_reference": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src"
},
"product_reference": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch"
},
"product_reference": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src"
},
"product_reference": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10146",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1710171"
}
],
"notes": [
{
"category": "description",
"text": "A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is considered Low, because it requires the attacker to first request or predict a valid nonce. Without a valid nonce, no arbitrary HTML will be sent back to the victim\u0027s browser.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10146"
},
{
"category": "external",
"summary": "RHBZ#1710171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10146",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10146"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10179",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695901"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10179"
},
{
"category": "external",
"summary": "RHBZ#1695901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10179",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10179"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10221",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-07-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1732565"
}
],
"notes": [
{
"category": "description",
"text": "A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: Reflected XSS in getcookies?url= endpoint in CA",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10221"
},
{
"category": "external",
"summary": "RHBZ#1732565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732565"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10221"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core: Reflected XSS in getcookies?url= endpoint in CA"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1721",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1777579"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery ID during a key recovery request, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: KRA vulnerable to reflected XSS via the getPk12 page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1721"
},
{
"category": "external",
"summary": "RHBZ#1777579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777579"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1721"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1721",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1721"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core: KRA vulnerable to reflected XSS via the getPk12 page"
},
{
"acknowledgments": [
{
"names": [
"@ZeddYu"
],
"organization": "Apache Tomcat Security Team"
}
],
"cve": "CVE-2020-1935",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-12-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1806835"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.\n\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1935"
},
{
"category": "external",
"summary": "RHBZ#1806835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
}
],
"release_date": "2020-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "workaround",
"details": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\n\nFor other Red Hat products, either mitigation isn\u0027t available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling"
},
{
"cve": "CVE-2020-1938",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1806398"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1938"
},
{
"category": "external",
"summary": "RHBZ#1806398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
},
{
"category": "external",
"summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
"url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
},
{
"category": "external",
"summary": "https://www.cnvd.org.cn/webinfo/show/5415",
"url": "https://www.cnvd.org.cn/webinfo/show/5415"
},
{
"category": "external",
"summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
"url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "workaround",
"details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"acknowledgments": [
{
"names": [
"Christian Heimes"
]
}
],
"cve": "CVE-2020-15720",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1855273"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PKI, where the dogtag\u0027s pki.client.PKIConnection class disables the python-requests certificate validation. This flaw allows an attacker to intercept a connection between a FreeIPA client and a server, and execute an active Man-in-the-Middle attack. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki: Dogtag\u0027s python client does not validate certificates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In PKI, the pki.client.PKIConnection python class is used by the `pki-server` and `pkispawn` commands. `pki-server` runs locally on the server, thus not subject to a Person in the Middle attack. `pkispawn` may access remote node in decentralized or cloned contexts.\n\nIdentity Management (IPA) command line interface (the vault related sub-commands) may call pki.client.PKIConnection().",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15720"
},
{
"category": "external",
"summary": "RHBZ#1855273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15720"
}
],
"release_date": "2020-06-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pki: Dogtag\u0027s python client does not validate certificates"
},
{
"cve": "CVE-2020-25715",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1891016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: XSS in the certificate search results",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8.3 (pki-core 10.9.4) contains mitigations that prevents the vulnerability to be exploited. Red Hat Enterprise Linux version 8 prior to 8.3 are vulnerable to this version",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25715"
},
{
"category": "external",
"summary": "RHBZ#1891016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25715",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25715"
}
],
"release_date": "2021-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "workaround",
"details": "Because the cross-site scripting (XSS) attack requires the victim to have their RHCS certificate installed in their web browser to be successful, it is recommended that web browser not hold the keys and that the user use the command line interface (CLI) instead.",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pki-core: XSS in the certificate search results"
},
{
"cve": "CVE-2022-25762",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085304"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be placed in the pool twice. This issue results in subsequent connections using the same object concurrently, which causes data to be potentially returned to the wrong user or application stability issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: request mixup",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25762"
},
{
"category": "external",
"summary": "RHBZ#2085304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085304"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25762"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.76",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.76"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: request mixup"
}
]
}
rhsa-2020_4847
Vulnerability from csaf_redhat
Published
2020-11-04 01:39
Modified
2024-11-22 15:10
Summary
Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
Notes
Topic
An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
* pki: Dogtag's python client does not validate certificates (CVE-2020-15720)
* pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)
* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)
* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)
* pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.\n\nSecurity Fix(es):\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* pki: Dogtag\u0027s python client does not validate certificates (CVE-2020-15720)\n\n* pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page (CVE-2019-10146)\n\n* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab (CVE-2019-10179)\n\n* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)\n\n* pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4847",
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"category": "external",
"summary": "1376706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376706"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1406505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406505"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1666907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666907"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1695901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695901"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1706521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706521"
},
{
"category": "external",
"summary": "1710171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710171"
},
{
"category": "external",
"summary": "1721684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1721684"
},
{
"category": "external",
"summary": "1724433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724433"
},
{
"category": "external",
"summary": "1732565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732565"
},
{
"category": "external",
"summary": "1732981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732981"
},
{
"category": "external",
"summary": "1777579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777579"
},
{
"category": "external",
"summary": "1805541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805541"
},
{
"category": "external",
"summary": "1817247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817247"
},
{
"category": "external",
"summary": "1821851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821851"
},
{
"category": "external",
"summary": "1822246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822246"
},
{
"category": "external",
"summary": "1824939",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824939"
},
{
"category": "external",
"summary": "1824948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824948"
},
{
"category": "external",
"summary": "1825998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825998"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1842734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842734"
},
{
"category": "external",
"summary": "1842736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842736"
},
{
"category": "external",
"summary": "1843537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843537"
},
{
"category": "external",
"summary": "1845447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845447"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "1854043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854043"
},
{
"category": "external",
"summary": "1854959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854959"
},
{
"category": "external",
"summary": "1855273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855273"
},
{
"category": "external",
"summary": "1855319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855319"
},
{
"category": "external",
"summary": "1856368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856368"
},
{
"category": "external",
"summary": "1857933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857933"
},
{
"category": "external",
"summary": "1861911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861911"
},
{
"category": "external",
"summary": "1869893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869893"
},
{
"category": "external",
"summary": "1871064",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871064"
},
{
"category": "external",
"summary": "1873235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873235"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4847.json"
}
],
"title": "Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T15:10:07+00:00",
"generator": {
"date": "2024-11-22T15:10:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4847",
"initial_release_date": "2020-11-04T01:39:43+00:00",
"revision_history": [
{
"date": "2020-11-04T01:39:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-04T01:39:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T15:10:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-deps:10.6:8030020200527165326:30b713e6",
"product": {
"name": "pki-deps:10.6:8030020200527165326:30b713e6",
"product_id": "pki-deps:10.6:8030020200527165326:30b713e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/pki-deps@10.6:8030020200527165326:30b713e6"
}
}
},
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax-api@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-core@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-runtime@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-txw2@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_id": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_id": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_id": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product": {
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_id": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-json-provider@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_id": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.7.6-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist-javadoc@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_id": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.30-1.module%2Bel8.3.0%2B6730%2B8f9c6254?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_id": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-1.module%2Bel8.3.0%2B6730%2B8f9c6254?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"product_id": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j-jdk14@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-core:10.6:8030020200911215836:5ff1562f",
"product": {
"name": "pki-core:10.6:8030020200911215836:5ff1562f",
"product_id": "pki-core:10.6:8030020200911215836:5ff1562f",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/pki-core@10.6:8030020200911215836:5ff1562f"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_id": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk@4.22.0-1.module%2Bel8.3.0%2B6784%2B6e1e4c62?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product": {
"name": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_id": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk-javadoc@4.22.0-1.module%2Bel8.3.0%2B6784%2B6e1e4c62?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-base@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-base-java@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-ca@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-kra@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-server@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pki@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"product": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"product_id": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcatjss@7.5.0-1.module%2Bel8.3.0%2B7355%2Bc59bcbd9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=src"
}
}
},
{
"category": "product_version",
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"product_id": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"product_id": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_id": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_id": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_id": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"product": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"product_id": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"product_id": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.7.6-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"product": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"product_id": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-1.module%2Bel8.3.0%2B6730%2B8f9c6254?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"product_id": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"product_id": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=src"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"product": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"product_id": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk@4.22.0-1.module%2Bel8.3.0%2B6784%2B6e1e4c62?arch=src"
}
}
},
{
"category": "product_version",
"name": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"product": {
"name": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"product_id": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"product": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"product_id": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcatjss@7.5.0-1.module%2Bel8.3.0%2B7355%2Bc59bcbd9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
"product_reference": "pki-core:10.6:8030020200911215836:5ff1562f",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch"
},
"product_reference": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src"
},
"product_reference": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch"
},
"product_reference": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src"
},
"product_reference": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch"
},
"product_reference": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src"
},
"product_reference": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
"product_reference": "pki-deps:10.6:8030020200527165326:30b713e6",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch"
},
"product_reference": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src"
},
"product_reference": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch"
},
"product_reference": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src"
},
"product_reference": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch"
},
"product_reference": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src"
},
"product_reference": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch"
},
"product_reference": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src"
},
"product_reference": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10146",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1710171"
}
],
"notes": [
{
"category": "description",
"text": "A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is considered Low, because it requires the attacker to first request or predict a valid nonce. Without a valid nonce, no arbitrary HTML will be sent back to the victim\u0027s browser.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10146"
},
{
"category": "external",
"summary": "RHBZ#1710171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10146",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10146"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10179",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695901"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10179"
},
{
"category": "external",
"summary": "RHBZ#1695901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10179",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10179"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10221",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-07-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1732565"
}
],
"notes": [
{
"category": "description",
"text": "A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: Reflected XSS in getcookies?url= endpoint in CA",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10221"
},
{
"category": "external",
"summary": "RHBZ#1732565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732565"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10221"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core: Reflected XSS in getcookies?url= endpoint in CA"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1721",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1777579"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery ID during a key recovery request, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: KRA vulnerable to reflected XSS via the getPk12 page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1721"
},
{
"category": "external",
"summary": "RHBZ#1777579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777579"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1721"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1721",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1721"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core: KRA vulnerable to reflected XSS via the getPk12 page"
},
{
"acknowledgments": [
{
"names": [
"@ZeddYu"
],
"organization": "Apache Tomcat Security Team"
}
],
"cve": "CVE-2020-1935",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-12-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1806835"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.\n\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1935"
},
{
"category": "external",
"summary": "RHBZ#1806835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
}
],
"release_date": "2020-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "workaround",
"details": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\n\nFor other Red Hat products, either mitigation isn\u0027t available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling"
},
{
"cve": "CVE-2020-1938",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1806398"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1938"
},
{
"category": "external",
"summary": "RHBZ#1806398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
},
{
"category": "external",
"summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
"url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
},
{
"category": "external",
"summary": "https://www.cnvd.org.cn/webinfo/show/5415",
"url": "https://www.cnvd.org.cn/webinfo/show/5415"
},
{
"category": "external",
"summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
"url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "workaround",
"details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"acknowledgments": [
{
"names": [
"Christian Heimes"
]
}
],
"cve": "CVE-2020-15720",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1855273"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PKI, where the dogtag\u0027s pki.client.PKIConnection class disables the python-requests certificate validation. This flaw allows an attacker to intercept a connection between a FreeIPA client and a server, and execute an active Man-in-the-Middle attack. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki: Dogtag\u0027s python client does not validate certificates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In PKI, the pki.client.PKIConnection python class is used by the `pki-server` and `pkispawn` commands. `pki-server` runs locally on the server, thus not subject to a Person in the Middle attack. `pkispawn` may access remote node in decentralized or cloned contexts.\n\nIdentity Management (IPA) command line interface (the vault related sub-commands) may call pki.client.PKIConnection().",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15720"
},
{
"category": "external",
"summary": "RHBZ#1855273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15720"
}
],
"release_date": "2020-06-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pki: Dogtag\u0027s python client does not validate certificates"
},
{
"cve": "CVE-2020-25715",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1891016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: XSS in the certificate search results",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8.3 (pki-core 10.9.4) contains mitigations that prevents the vulnerability to be exploited. Red Hat Enterprise Linux version 8 prior to 8.3 are vulnerable to this version",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25715"
},
{
"category": "external",
"summary": "RHBZ#1891016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25715",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25715"
}
],
"release_date": "2021-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "workaround",
"details": "Because the cross-site scripting (XSS) attack requires the victim to have their RHCS certificate installed in their web browser to be successful, it is recommended that web browser not hold the keys and that the user use the command line interface (CLI) instead.",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pki-core: XSS in the certificate search results"
},
{
"cve": "CVE-2022-25762",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085304"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be placed in the pool twice. This issue results in subsequent connections using the same object concurrently, which causes data to be potentially returned to the wrong user or application stability issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: request mixup",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25762"
},
{
"category": "external",
"summary": "RHBZ#2085304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085304"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25762"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.76",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.76"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: request mixup"
}
]
}
rhsa-2020_4670
Vulnerability from csaf_redhat
Published
2020-11-04 01:31
Modified
2024-11-22 14:43
Summary
Red Hat Security Advisory: idm:DL1 and idm:client security, bug fix, and enhancement update
Notes
Topic
An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)
Security Fix(es):
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4670",
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1430365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430365"
},
{
"category": "external",
"summary": "1488732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488732"
},
{
"category": "external",
"summary": "1585020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585020"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1651577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651577"
},
{
"category": "external",
"summary": "1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701233",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701233"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1746830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1746830"
},
{
"category": "external",
"summary": "1750893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1750893"
},
{
"category": "external",
"summary": "1751295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1751295"
},
{
"category": "external",
"summary": "1757045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757045"
},
{
"category": "external",
"summary": "1759888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759888"
},
{
"category": "external",
"summary": "1768156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768156"
},
{
"category": "external",
"summary": "1777806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777806"
},
{
"category": "external",
"summary": "1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "1801698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801698"
},
{
"category": "external",
"summary": "1802471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802471"
},
{
"category": "external",
"summary": "1809835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809835"
},
{
"category": "external",
"summary": "1810154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810154"
},
{
"category": "external",
"summary": "1810179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810179"
},
{
"category": "external",
"summary": "1813330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813330"
},
{
"category": "external",
"summary": "1816784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816784"
},
{
"category": "external",
"summary": "1818765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818765"
},
{
"category": "external",
"summary": "1818877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818877"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1831732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831732"
},
{
"category": "external",
"summary": "1831935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831935"
},
{
"category": "external",
"summary": "1832331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832331"
},
{
"category": "external",
"summary": "1833266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833266"
},
{
"category": "external",
"summary": "1834264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834264"
},
{
"category": "external",
"summary": "1834909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834909"
},
{
"category": "external",
"summary": "1845211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845211"
},
{
"category": "external",
"summary": "1845537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845537"
},
{
"category": "external",
"summary": "1845596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845596"
},
{
"category": "external",
"summary": "1846352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846352"
},
{
"category": "external",
"summary": "1846434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846434"
},
{
"category": "external",
"summary": "1847999",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847999"
},
{
"category": "external",
"summary": "1849914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849914"
},
{
"category": "external",
"summary": "1851411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851411"
},
{
"category": "external",
"summary": "1852244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852244"
},
{
"category": "external",
"summary": "1853263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853263"
},
{
"category": "external",
"summary": "1857157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857157"
},
{
"category": "external",
"summary": "1858318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858318"
},
{
"category": "external",
"summary": "1859213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859213"
},
{
"category": "external",
"summary": "1863079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1863079"
},
{
"category": "external",
"summary": "1863616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1863616"
},
{
"category": "external",
"summary": "1866291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866291"
},
{
"category": "external",
"summary": "1866938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866938"
},
{
"category": "external",
"summary": "1868432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868432"
},
{
"category": "external",
"summary": "1869311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869311"
},
{
"category": "external",
"summary": "1870202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870202"
},
{
"category": "external",
"summary": "1874015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874015"
},
{
"category": "external",
"summary": "1875348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875348"
},
{
"category": "external",
"summary": "1879604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879604"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4670.json"
}
],
"title": "Red Hat Security Advisory: idm:DL1 and idm:client security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T14:43:17+00:00",
"generator": {
"date": "2024-11-22T14:43:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4670",
"initial_release_date": "2020-11-04T01:31:18+00:00",
"revision_history": [
{
"date": "2020-11-04T01:31:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-04T01:31:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:43:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "idm:DL1:8030020200923172343:9c827e52",
"product": {
"name": "idm:DL1:8030020200923172343:9c827e52",
"product_id": "idm:DL1:8030020200923172343:9c827e52",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/idm@DL1:8030020200923172343:9c827e52"
}
}
},
{
"category": "product_version",
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_id": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/custodia@0.6.0-3.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-common@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-common@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_id": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck@0.4-6.module%2Bel8.3.0%2B7710%2Be2408ce4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_id": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck-core@0.4-6.module%2Bel8.3.0%2B7710%2Be2408ce4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-python-compat@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-selinux@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-common@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-dns@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-custodia@0.6.0-3.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipaclient@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipalib@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipaserver@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"product": {
"name": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"product_id": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-kdcproxy@0.4-5.module%2Bel8.2.0%2B4691%2Ba05b2456?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pyusb@1.0.0-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode@5.1-12.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode-core@5.1-12.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-yubico@1.3.2-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "idm:client:8030020200923172426:05ac3f11",
"product": {
"name": "idm:client:8030020200923172426:05ac3f11",
"product_id": "idm:client:8030020200923172426:05ac3f11",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/idm@client:8030020200923172426:05ac3f11"
}
}
},
{
"category": "product_version",
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-common@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-common@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"product": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"product_id": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck-core@0.4-6.module%2Bel8.3.0%2B7711%2Bc4441980?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-python-compat@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-selinux@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipaclient@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipalib@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pyusb@1.0.0-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode@5.1-12.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode-core@5.1-12.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-yubico@1.3.2-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=src"
}
}
},
{
"category": "product_version",
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"product_id": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/custodia@0.6.0-3.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"product": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"product_id": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"product": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"product_id": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck@0.4-6.module%2Bel8.3.0%2B7710%2Be2408ce4?arch=src"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"product_id": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"product": {
"name": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"product_id": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-kdcproxy@0.4-5.module%2Bel8.2.0%2B4691%2Ba05b2456?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"product_id": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-qrcode@5.1-12.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"product_id": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-yubico@1.3.2-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"product_id": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyusb@1.0.0-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=src"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"product": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"product_id": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"product": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"product_id": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck@0.4-6.module%2Bel8.3.0%2B7711%2Bc4441980?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"product_id": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"product_id": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-qrcode@5.1-12.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"product_id": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-yubico@1.3.2-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
},
{
"category": "product_version",
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"product_id": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyusb@1.0.0-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
"product_reference": "idm:DL1:8030020200923172343:9c827e52",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src"
},
"product_reference": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch"
},
"product_reference": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src"
},
"product_reference": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch"
},
"product_reference": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src"
},
"product_reference": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch"
},
"product_reference": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
"product_reference": "idm:client:8030020200923172426:05ac3f11",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src"
},
"product_reference": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src"
},
"product_reference": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch"
},
"product_reference": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2018-20676",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668082"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip data-viewport attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20676"
},
{
"category": "external",
"summary": "RHBZ#1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip data-viewport attribute"
},
{
"cve": "CVE-2018-20677",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668089"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the affix configuration target property",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20677"
},
{
"category": "external",
"summary": "RHBZ#1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the affix configuration target property"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1722",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in IPA. When sending a very long password (\u003e= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ipa: No password length restriction leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1722"
},
{
"category": "external",
"summary": "RHBZ#1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722"
}
],
"release_date": "2020-04-14T04:26:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ipa: No password length restriction leads to denial of service"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
}
]
}
RHSA-2020:3936
Vulnerability from csaf_redhat
Published
2020-09-29 21:12
Modified
2024-11-22 14:43
Summary
Red Hat Security Advisory: ipa security, bug fix, and enhancement update
Notes
Topic
An update for ipa is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)
Security Fix(es):
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)
* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ipa is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.\n\nThe following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3936",
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1404770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404770"
},
{
"category": "external",
"summary": "1545755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545755"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1754902",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1754902"
},
{
"category": "external",
"summary": "1755535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755535"
},
{
"category": "external",
"summary": "1756568",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1756568"
},
{
"category": "external",
"summary": "1758406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758406"
},
{
"category": "external",
"summary": "1769791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769791"
},
{
"category": "external",
"summary": "1771356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771356"
},
{
"category": "external",
"summary": "1780548",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1780548"
},
{
"category": "external",
"summary": "1782587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782587"
},
{
"category": "external",
"summary": "1788718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788718"
},
{
"category": "external",
"summary": "1788907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788907"
},
{
"category": "external",
"summary": "1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "1795890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795890"
},
{
"category": "external",
"summary": "1801791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801791"
},
{
"category": "external",
"summary": "1817886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817886"
},
{
"category": "external",
"summary": "1817918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817918"
},
{
"category": "external",
"summary": "1817919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817919"
},
{
"category": "external",
"summary": "1817922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817922"
},
{
"category": "external",
"summary": "1817923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817923"
},
{
"category": "external",
"summary": "1817927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817927"
},
{
"category": "external",
"summary": "1819725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819725"
},
{
"category": "external",
"summary": "1825829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825829"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1829787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829787"
},
{
"category": "external",
"summary": "1834385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834385"
},
{
"category": "external",
"summary": "1842950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842950"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3936.json"
}
],
"title": "Red Hat Security Advisory: ipa security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T14:43:09+00:00",
"generator": {
"date": "2024-11-22T14:43:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:3936",
"initial_release_date": "2020-09-29T21:12:26+00:00",
"revision_history": [
{
"date": "2020-09-29T21:12:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-09-29T21:12:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:43:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-0:4.6.8-5.el7.src",
"product": {
"name": "ipa-0:4.6.8-5.el7.src",
"product_id": "ipa-0:4.6.8-5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa@4.6.8-5.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-client-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-server-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.6.8-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.6.8-5.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-common-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch",
"product_id": "ipa-client-common-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-common@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-common-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-common-0:4.6.8-5.el7.noarch",
"product_id": "ipa-common-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-common@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"product_id": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-python-compat@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"product": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"product_id": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ipaclient@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ipalib-0:4.6.8-5.el7.noarch",
"product": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch",
"product_id": "python2-ipalib-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ipalib@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-common-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch",
"product_id": "ipa-server-common-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-common@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"product_id": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-dns@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"product": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"product_id": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ipaserver@4.6.8-5.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.s390x",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.s390x",
"product_id": "ipa-client-0:4.6.8-5.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.ppc64",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64",
"product_id": "ipa-client-0:4.6.8-5.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.ppc64le",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le",
"product_id": "ipa-client-0:4.6.8-5.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2018-20676",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668082"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip data-viewport attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20676"
},
{
"category": "external",
"summary": "RHBZ#1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip data-viewport attribute"
},
{
"cve": "CVE-2018-20677",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668089"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the affix configuration target property",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20677"
},
{
"category": "external",
"summary": "RHBZ#1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the affix configuration target property"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1722",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in IPA. When sending a very long password (\u003e= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ipa: No password length restriction leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1722"
},
{
"category": "external",
"summary": "RHBZ#1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722"
}
],
"release_date": "2020-04-14T04:26:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ipa: No password length restriction leads to denial of service"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
}
]
}
rhsa-2023_0552
Vulnerability from csaf_redhat
Published
2023-01-31 13:15
Modified
2024-12-16 02:20
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0552",
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-23926",
"url": "https://issues.redhat.com/browse/JBEAP-23926"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0552.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2024-12-16T02:20:15+00:00",
"generator": {
"date": "2024-12-16T02:20:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:0552",
"initial_release_date": "2023-01-31T13:15:22+00:00",
"revision_history": [
{
"date": "2023-01-31T13:15:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:15:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-16T02:20:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
RHSA-2020:4670
Vulnerability from csaf_redhat
Published
2020-11-04 01:31
Modified
2024-11-22 14:43
Summary
Red Hat Security Advisory: idm:DL1 and idm:client security, bug fix, and enhancement update
Notes
Topic
An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)
Security Fix(es):
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4670",
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1430365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430365"
},
{
"category": "external",
"summary": "1488732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488732"
},
{
"category": "external",
"summary": "1585020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585020"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1651577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651577"
},
{
"category": "external",
"summary": "1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701233",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701233"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1746830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1746830"
},
{
"category": "external",
"summary": "1750893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1750893"
},
{
"category": "external",
"summary": "1751295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1751295"
},
{
"category": "external",
"summary": "1757045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757045"
},
{
"category": "external",
"summary": "1759888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759888"
},
{
"category": "external",
"summary": "1768156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768156"
},
{
"category": "external",
"summary": "1777806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777806"
},
{
"category": "external",
"summary": "1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "1801698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801698"
},
{
"category": "external",
"summary": "1802471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802471"
},
{
"category": "external",
"summary": "1809835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809835"
},
{
"category": "external",
"summary": "1810154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810154"
},
{
"category": "external",
"summary": "1810179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810179"
},
{
"category": "external",
"summary": "1813330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813330"
},
{
"category": "external",
"summary": "1816784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816784"
},
{
"category": "external",
"summary": "1818765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818765"
},
{
"category": "external",
"summary": "1818877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818877"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1831732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831732"
},
{
"category": "external",
"summary": "1831935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831935"
},
{
"category": "external",
"summary": "1832331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832331"
},
{
"category": "external",
"summary": "1833266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833266"
},
{
"category": "external",
"summary": "1834264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834264"
},
{
"category": "external",
"summary": "1834909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834909"
},
{
"category": "external",
"summary": "1845211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845211"
},
{
"category": "external",
"summary": "1845537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845537"
},
{
"category": "external",
"summary": "1845596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845596"
},
{
"category": "external",
"summary": "1846352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846352"
},
{
"category": "external",
"summary": "1846434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846434"
},
{
"category": "external",
"summary": "1847999",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847999"
},
{
"category": "external",
"summary": "1849914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849914"
},
{
"category": "external",
"summary": "1851411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851411"
},
{
"category": "external",
"summary": "1852244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852244"
},
{
"category": "external",
"summary": "1853263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853263"
},
{
"category": "external",
"summary": "1857157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857157"
},
{
"category": "external",
"summary": "1858318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858318"
},
{
"category": "external",
"summary": "1859213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859213"
},
{
"category": "external",
"summary": "1863079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1863079"
},
{
"category": "external",
"summary": "1863616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1863616"
},
{
"category": "external",
"summary": "1866291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866291"
},
{
"category": "external",
"summary": "1866938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866938"
},
{
"category": "external",
"summary": "1868432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868432"
},
{
"category": "external",
"summary": "1869311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869311"
},
{
"category": "external",
"summary": "1870202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870202"
},
{
"category": "external",
"summary": "1874015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874015"
},
{
"category": "external",
"summary": "1875348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875348"
},
{
"category": "external",
"summary": "1879604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879604"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4670.json"
}
],
"title": "Red Hat Security Advisory: idm:DL1 and idm:client security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T14:43:17+00:00",
"generator": {
"date": "2024-11-22T14:43:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4670",
"initial_release_date": "2020-11-04T01:31:18+00:00",
"revision_history": [
{
"date": "2020-11-04T01:31:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-04T01:31:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:43:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "idm:DL1:8030020200923172343:9c827e52",
"product": {
"name": "idm:DL1:8030020200923172343:9c827e52",
"product_id": "idm:DL1:8030020200923172343:9c827e52",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/idm@DL1:8030020200923172343:9c827e52"
}
}
},
{
"category": "product_version",
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_id": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/custodia@0.6.0-3.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-common@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-common@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_id": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck@0.4-6.module%2Bel8.3.0%2B7710%2Be2408ce4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_id": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck-core@0.4-6.module%2Bel8.3.0%2B7710%2Be2408ce4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-python-compat@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-selinux@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-common@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-dns@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-custodia@0.6.0-3.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipaclient@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipalib@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipaserver@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"product": {
"name": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"product_id": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-kdcproxy@0.4-5.module%2Bel8.2.0%2B4691%2Ba05b2456?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pyusb@1.0.0-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode@5.1-12.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode-core@5.1-12.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-yubico@1.3.2-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "idm:client:8030020200923172426:05ac3f11",
"product": {
"name": "idm:client:8030020200923172426:05ac3f11",
"product_id": "idm:client:8030020200923172426:05ac3f11",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/idm@client:8030020200923172426:05ac3f11"
}
}
},
{
"category": "product_version",
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-common@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-common@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"product": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"product_id": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck-core@0.4-6.module%2Bel8.3.0%2B7711%2Bc4441980?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-python-compat@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-selinux@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipaclient@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipalib@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pyusb@1.0.0-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode@5.1-12.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode-core@5.1-12.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-yubico@1.3.2-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=src"
}
}
},
{
"category": "product_version",
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"product_id": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/custodia@0.6.0-3.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"product": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"product_id": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"product": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"product_id": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck@0.4-6.module%2Bel8.3.0%2B7710%2Be2408ce4?arch=src"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"product_id": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"product": {
"name": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"product_id": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-kdcproxy@0.4-5.module%2Bel8.2.0%2B4691%2Ba05b2456?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"product_id": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-qrcode@5.1-12.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"product_id": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-yubico@1.3.2-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"product_id": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyusb@1.0.0-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=src"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"product": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"product_id": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"product": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"product_id": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck@0.4-6.module%2Bel8.3.0%2B7711%2Bc4441980?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"product_id": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"product_id": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-qrcode@5.1-12.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"product_id": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-yubico@1.3.2-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
},
{
"category": "product_version",
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"product_id": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyusb@1.0.0-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
"product_reference": "idm:DL1:8030020200923172343:9c827e52",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src"
},
"product_reference": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch"
},
"product_reference": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src"
},
"product_reference": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch"
},
"product_reference": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src"
},
"product_reference": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch"
},
"product_reference": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
"product_reference": "idm:client:8030020200923172426:05ac3f11",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src"
},
"product_reference": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src"
},
"product_reference": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch"
},
"product_reference": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2018-20676",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668082"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip data-viewport attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20676"
},
{
"category": "external",
"summary": "RHBZ#1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip data-viewport attribute"
},
{
"cve": "CVE-2018-20677",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668089"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the affix configuration target property",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20677"
},
{
"category": "external",
"summary": "RHBZ#1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the affix configuration target property"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1722",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in IPA. When sending a very long password (\u003e= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ipa: No password length restriction leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1722"
},
{
"category": "external",
"summary": "RHBZ#1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722"
}
],
"release_date": "2020-04-14T04:26:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ipa: No password length restriction leads to denial of service"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
}
]
}
rhsa-2020:0983
Vulnerability from csaf_redhat
Published
2020-03-26 15:46
Modified
2025-02-02 20:20
Summary
Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update
Notes
Topic
A minor version update (from 7.5 to 7.6) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added; also added golang CVE descriptions that were unintentionally ommitted from the original publication]
Details
This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* golang: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* undertow: HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)
* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* golang: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* undertow: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)
* undertow: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
* undertow: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
* spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
* xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)
* js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)
* apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)
* spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)
* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)
* shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)
* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)
* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)
* springframework: DoS Attack via Range Requests (CVE-2018-15756)
* c3p0: loading XML configuration leads to denial of service (CVE-2019-5427)
* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A minor version update (from 7.5 to 7.6) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added; also added golang CVE descriptions that were unintentionally ommitted from the original publication]",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* golang: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* undertow: HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* golang: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* undertow: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* undertow: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* undertow: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)\n\n* spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)\n\n* js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)\n\n* apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)\n\n* spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)\n\n* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)\n\n* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)\n\n* springframework: DoS Attack via Range Requests (CVE-2018-15756)\n\n* c3p0: loading XML configuration leads to denial of service (CVE-2019-5427)\n\n* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0983",
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.6.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1432858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432858"
},
{
"category": "external",
"summary": "1591854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591854"
},
{
"category": "external",
"summary": "1618573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618573"
},
{
"category": "external",
"summary": "1643043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643043"
},
{
"category": "external",
"summary": "1693777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777"
},
{
"category": "external",
"summary": "1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "external",
"summary": "1709860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709860"
},
{
"category": "external",
"summary": "1713068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713068"
},
{
"category": "external",
"summary": "1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "1725807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"category": "external",
"summary": "1728993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728993"
},
{
"category": "external",
"summary": "1730316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730316"
},
{
"category": "external",
"summary": "1735645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"category": "external",
"summary": "1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "1735744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"category": "external",
"summary": "1735745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"category": "external",
"summary": "1735749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735749"
},
{
"category": "external",
"summary": "1737517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"category": "external",
"summary": "1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "1752962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752962"
},
{
"category": "external",
"summary": "1774726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774726"
},
{
"category": "external",
"summary": "1775193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775193"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0983.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update",
"tracking": {
"current_release_date": "2025-02-02T20:20:12+00:00",
"generator": {
"date": "2025-02-02T20:20:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2020:0983",
"initial_release_date": "2020-03-26T15:46:59+00:00",
"revision_history": [
{
"date": "2020-03-26T15:46:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-20T07:19:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-02T20:20:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 7.6.0",
"product": {
"name": "Red Hat Fuse 7.6.0",
"product_id": "Red Hat Fuse 7.6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2017-5929",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1432858"
}
],
"notes": [
{
"category": "description",
"text": "It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: Serialization vulnerability in SocketServer and ServerSocketReceiver",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5929"
},
{
"category": "external",
"summary": "RHBZ#1432858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432858"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5929",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5929"
}
],
"release_date": "2017-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: Serialization vulnerability in SocketServer and ServerSocketReceiver"
},
{
"cve": "CVE-2017-16012",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-06-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1591854"
}
],
"notes": [
{
"category": "description",
"text": "[REJECTED CVE] This CVE has been rejected. This candidate is a duplicate of CVE-2015-9251. Note: All CVE users should reference CVE-2015-9251 instead of this candidate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-jquery: XSS in responses from cross-origin ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-16012"
},
{
"category": "external",
"summary": "RHBZ#1591854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16012"
}
],
"release_date": "2017-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "js-jquery: XSS in responses from cross-origin ajax requests"
},
{
"cve": "CVE-2018-11771",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618573"
}
],
"notes": [
{
"category": "description",
"text": "When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17\u0027s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress\u0027 zip package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11771"
},
{
"category": "external",
"summary": "RHBZ#1618573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618573"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11771"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E",
"url": "https://lists.apache.org/thread.html/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E"
}
],
"release_date": "2018-08-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip"
},
{
"cve": "CVE-2018-12536",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2018-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1597418"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn\u0027t match a dynamic url-pattern, and is eventually handled by the DefaultServlet\u0027s static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: full server path revealed when using the default Error Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12536"
},
{
"category": "external",
"summary": "RHBZ#1597418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12536",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12536"
}
],
"release_date": "2018-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "Information disclosure occurs when java.nio.file.InvalidPathException occurs and is handled by the default Jetty error handler. To protect against this, a custom error handler can be configured for that particular error or for a larger set of errors according to the documentation link below. Red Hat Product Security advises that production deployments on Jetty use custom error handlers to limit the information disclosed and to ensure effective logging of error conditions.\n\nhttp://www.eclipse.org/jetty/documentation/current/custom-error-pages.html",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: full server path revealed when using the default Error Handling"
},
{
"cve": "CVE-2018-15756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1643043"
}
],
"notes": [
{
"category": "description",
"text": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: DoS Attack via Range Requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package rhvm-dependencies does not include the vulnerable spring-webmvc component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-15756"
},
{
"category": "external",
"summary": "RHBZ#1643043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-15756",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15756"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2018-15756",
"url": "https://pivotal.io/security/cve-2018-15756"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "springframework: DoS Attack via Range Requests"
},
{
"cve": "CVE-2019-3802",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730316"
}
],
"notes": [
{
"category": "description",
"text": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3802"
},
{
"category": "external",
"summary": "RHBZ#1730316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730316"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3802"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2019-3802",
"url": "https://pivotal.io/security/cve-2019-3802"
}
],
"release_date": "2019-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher"
},
{
"acknowledgments": [
{
"names": [
"Carter Kozak"
]
}
],
"cve": "CVE-2019-3888",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693777"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3888"
},
{
"category": "external",
"summary": "RHBZ#1693777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888"
}
],
"release_date": "2019-06-10T15:13:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed"
},
{
"cve": "CVE-2019-5427",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2019-04-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1709860"
}
],
"notes": [
{
"category": "description",
"text": "c3p0 version \u003c 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "c3p0: loading XML configuration leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not vulnerable to this issue, because the candlepin component who uses the c3p0 jar never passes a XML configuration file to c3p0, even though it includes a vulnerable version of the latter. Since this issue requires a XML files to be loaded by c3p0, an exploitation path doesn\u0027t exist.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5427"
},
{
"category": "external",
"summary": "RHBZ#1709860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5427",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5427"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5427",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5427"
}
],
"release_date": "2019-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "c3p0: loading XML configuration leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9512",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PING frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "RHBZ#1735645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg",
"url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PING frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9513",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "RHBZ#1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
"url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9514",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735744"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using HEADERS frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "RHBZ#1735744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg",
"url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using HEADERS frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9515",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735745"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "RHBZ#1735745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth"
},
{
"cve": "CVE-2019-9516",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: 0-length headers lead to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "RHBZ#1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
"url": "https://github.com/nghttp2/nghttp2/issues/1382#"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: 0-length headers lead to denial of service"
},
{
"cve": "CVE-2019-9517",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741868"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: request for large response leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "RHBZ#1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: request for large response leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using empty frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "RHBZ#1735749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using empty frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-10174",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2018-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1703469"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan\u0027s privileges. The attacker can use reflection to introduce new, malicious behavior into the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight contains the vulnerable library. This library is a requirement of other dependencies (Karaf and Hibernate). Under supported deployments, the vulnerable functionality is not utilized. Based on this, no OpenDaylight versions will not be fixed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10174"
},
{
"category": "external",
"summary": "RHBZ#1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174"
}
],
"release_date": "2019-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "There is no known mitigation for this issue.",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods"
},
{
"acknowledgments": [
{
"names": [
"Christian Schl\u00fcter"
],
"organization": "Viada"
}
],
"cve": "CVE-2019-10184",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2019-03-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713068"
}
],
"notes": [
{
"category": "description",
"text": "undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Information leak in requests for directories without trailing slashes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10184"
},
{
"category": "external",
"summary": "RHBZ#1713068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713068"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10184",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10184"
}
],
"release_date": "2019-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undertow: Information leak in requests for directories without trailing slashes"
},
{
"cve": "CVE-2019-10241",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705924"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jetty which is embedded in the nutch package as shipped with Red Hat Satellite 5. The jetty server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low in the context of Red Hat Satellite 5. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10241"
},
{
"category": "external",
"summary": "RHBZ#1705924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10241"
}
],
"release_date": "2019-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions"
},
{
"cve": "CVE-2019-10247",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705993"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: error path information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jetty which is embedded in the nutch package as shipped with Red Hat Satellite 5. The jetty server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low in the context of Red Hat Satellite 5. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10247"
},
{
"category": "external",
"summary": "RHBZ#1705993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705993"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10247",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10247"
}
],
"release_date": "2019-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: error path information disclosure"
},
{
"cve": "CVE-2019-11272",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2019-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728993"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Security in several versions, in the use of plain text passwords using the PlaintextPasswordEncoder. If an application is using an affected version of Spring Security with the PlaintextPasswordEncoder and a user has a null encoded password, an attacker can use this flaw to authenticate using a password of \"null.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: mishandling of user passwords allows logging in with a password of NULL",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight versions 9 and 10 contain the vulnerable code. However, these OpenDaylight versions were released as technical preview with limited support and will therefore not be updated. Other OpenDaylight versions do not contain the vulnerable library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11272"
},
{
"category": "external",
"summary": "RHBZ#1728993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728993"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11272",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11272"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11272",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11272"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2019-11272",
"url": "https://pivotal.io/security/cve-2019-11272"
}
],
"release_date": "2019-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security-core: mishandling of user passwords allows logging in with a password of NULL"
},
{
"cve": "CVE-2019-12384",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725807"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack\u0027s OpenDaylight does not use logback in any supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nThis vulnerability relies on logback-core (ch.qos.logback.core) being present in the application\u0027s ClassPath. Logback-core is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use logback-core are not impacted by this vulnerability.\n\nThis issue affects the versions of jackson-databind bundled with candlepin as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12384"
},
{
"category": "external",
"summary": "RHBZ#1725807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution"
},
{
"cve": "CVE-2019-12422",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1774726"
}
],
"notes": [
{
"category": "description",
"text": "Apache Shiro before 1.4.2, when using the default \"remember me\" configuration, cookies could be susceptible to a padding attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shiro: Cookie padding oracle vulnerability with default configuration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12422"
},
{
"category": "external",
"summary": "RHBZ#1774726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12422",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12422"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12422",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12422"
}
],
"release_date": "2019-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "shiro: Cookie padding oracle vulnerability with default configuration"
},
{
"cve": "CVE-2019-12814",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725795"
}
],
"notes": [
{
"category": "description",
"text": "A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Red Hat Satellite 6 does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability. \n* Red Hat OpenStack\u0027s OpenDaylight does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12814"
},
{
"category": "external",
"summary": "RHBZ#1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814"
}
],
"release_date": "2019-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "This vulnerability relies on jdom (org.jdom) or jdom2 (org.jdom2) being present in the application\u0027s ClassPath. Applications using jackson-databind that do not also use jdom or jdom2 are not impacted by this vulnerability.",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message."
},
{
"cve": "CVE-2019-14379",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-07-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1737517"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: default typing mishandling leading to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nSimilarly, Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14379"
},
{
"category": "external",
"summary": "RHBZ#1737517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379"
}
],
"release_date": "2019-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: default typing mishandling leading to remote code execution"
},
{
"cve": "CVE-2019-14439",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752962"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Polymorphic typing issue related to logback/JNDI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight provided as part of Red Hat OpenStack does not utilize logback when used in a supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14439"
},
{
"category": "external",
"summary": "RHBZ#1752962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14439",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14439"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Polymorphic typing issue related to logback/JNDI"
},
{
"acknowledgments": [
{
"names": [
"Guillaume Teissier"
],
"organization": "Orange"
}
],
"cve": "CVE-2019-17570",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775193"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC, performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7 provides vulnerable version of xmlrpc via the Optional repository. As the Optional repository is not supported, this issue is not planned to be addressed there.\n\nRed Hat Virtualization Manager uses xmlrpc only for internal communication with the scheduler. Since this is a component of the Manager itself, it is not subject to attacker influence and does not represent an attack surface.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17570"
},
{
"category": "external",
"summary": "RHBZ#1775193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17570",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17570"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17570",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17570"
},
{
"category": "external",
"summary": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the Apache XMLRPC client library from sending requests to untrusted XMLRPC servers.",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response"
}
]
}
RHSA-2023:0553
Vulnerability from csaf_redhat
Published
2023-01-31 13:12
Modified
2025-02-14 16:58
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
(CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM
manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
(CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
(CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability
(CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute
(CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator
(CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
(CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data
(CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0553",
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-23927",
"url": "https://issues.redhat.com/browse/JBEAP-23927"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0553.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2025-02-14T16:58:54+00:00",
"generator": {
"date": "2025-02-14T16:58:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2023:0553",
"initial_release_date": "2023-01-31T13:12:13+00:00",
"revision_history": [
{
"date": "2023-01-31T13:12:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:12:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-14T16:58:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
rhsa-2020:0481
Vulnerability from csaf_redhat
Published
2020-02-12 15:26
Modified
2024-11-15 03:20
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
Security fix(es):
* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.\n\nSecurity fix(es):\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0481",
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker\u0026downloadType=securityPatches\u0026version=6.3.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker\u0026downloadType=securityPatches\u0026version=6.3.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0481.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-15T03:20:45+00:00",
"generator": {
"date": "2024-11-15T03:20:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:0481",
"initial_release_date": "2020-02-12T15:26:34+00:00",
"revision_history": [
{
"date": "2020-02-12T15:26:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-12T15:26:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T03:20:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 6.3",
"product": {
"name": "Red Hat Fuse 6.3",
"product_id": "Red Hat Fuse 6.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:6.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-12T15:26:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2019-10174",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2018-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1703469"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan\u0027s privileges. The attacker can use reflection to introduce new, malicious behavior into the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight contains the vulnerable library. This library is a requirement of other dependencies (Karaf and Hibernate). Under supported deployments, the vulnerable functionality is not utilized. Based on this, no OpenDaylight versions will not be fixed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10174"
},
{
"category": "external",
"summary": "RHBZ#1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174"
}
],
"release_date": "2019-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-12T15:26:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"category": "workaround",
"details": "There is no known mitigation for this issue.",
"product_ids": [
"Red Hat Fuse 6.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods"
}
]
}
RHSA-2020:0729
Vulnerability from csaf_redhat
Published
2020-03-05 13:12
Modified
2024-11-15 04:15
Summary
Red Hat Security Advisory: Red Hat Data Grid 7.3.5 security update
Notes
Topic
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat Data Grid 7.3.4 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)
* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Data Grid is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.\n\nThis release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat Data Grid 7.3.4 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.\n\nSecurity Fix(es):\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)\n\n* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0729",
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=7.3\u0026downloadType=patches",
"url": "https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=7.3\u0026downloadType=patches"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0729.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Data Grid 7.3.5 security update",
"tracking": {
"current_release_date": "2024-11-15T04:15:49+00:00",
"generator": {
"date": "2024-11-15T04:15:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:0729",
"initial_release_date": "2020-03-05T13:12:44+00:00",
"revision_history": [
{
"date": "2020-03-05T13:12:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-03-05T13:12:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T04:15:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Data Grid 7.3.5",
"product": {
"name": "Red Hat Data Grid 7.3.5",
"product_id": "Red Hat Data Grid 7.3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Data Grid"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"acknowledgments": [
{
"names": [
"Henning Baldersheim",
"H\u00e5vard Pettersen"
],
"organization": "Verizon Media"
}
],
"cve": "CVE-2019-14888",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772464"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14888"
},
{
"category": "external",
"summary": "RHBZ#1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
}
],
"release_date": "2020-01-20T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "workaround",
"details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Data Grid 7.3.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat Data Grid 7.3.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
}
]
}
rhsa-2023_0556
Vulnerability from csaf_redhat
Published
2023-01-31 13:18
Modified
2024-12-16 02:19
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM
manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0556",
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0556.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2024-12-16T02:19:57+00:00",
"generator": {
"date": "2024-12-16T02:19:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:0556",
"initial_release_date": "2023-01-31T13:18:26+00:00",
"revision_history": [
{
"date": "2023-01-31T13:18:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:18:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-16T02:19:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
rhsa-2023:0554
Vulnerability from csaf_redhat
Published
2023-01-31 13:15
Modified
2025-02-14 16:58
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
(CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM
manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
(CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
(CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability
(CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute
(CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator
(CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
(CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data
(CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0554",
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-23928",
"url": "https://issues.redhat.com/browse/JBEAP-23928"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0554.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2025-02-14T16:58:33+00:00",
"generator": {
"date": "2025-02-14T16:58:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2023:0554",
"initial_release_date": "2023-01-31T13:15:23+00:00",
"revision_history": [
{
"date": "2023-01-31T13:15:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:15:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-14T16:58:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
rhsa-2020_0481
Vulnerability from csaf_redhat
Published
2020-02-12 15:26
Modified
2024-11-15 03:20
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
Security fix(es):
* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.\n\nSecurity fix(es):\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0481",
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker\u0026downloadType=securityPatches\u0026version=6.3.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker\u0026downloadType=securityPatches\u0026version=6.3.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0481.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-15T03:20:45+00:00",
"generator": {
"date": "2024-11-15T03:20:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:0481",
"initial_release_date": "2020-02-12T15:26:34+00:00",
"revision_history": [
{
"date": "2020-02-12T15:26:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-12T15:26:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T03:20:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 6.3",
"product": {
"name": "Red Hat Fuse 6.3",
"product_id": "Red Hat Fuse 6.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:6.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-12T15:26:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2019-10174",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2018-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1703469"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan\u0027s privileges. The attacker can use reflection to introduce new, malicious behavior into the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight contains the vulnerable library. This library is a requirement of other dependencies (Karaf and Hibernate). Under supported deployments, the vulnerable functionality is not utilized. Based on this, no OpenDaylight versions will not be fixed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10174"
},
{
"category": "external",
"summary": "RHBZ#1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174"
}
],
"release_date": "2019-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-12T15:26:34+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"category": "workaround",
"details": "There is no known mitigation for this issue.",
"product_ids": [
"Red Hat Fuse 6.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods"
}
]
}
rhsa-2020:3936
Vulnerability from csaf_redhat
Published
2020-09-29 21:12
Modified
2024-11-22 14:43
Summary
Red Hat Security Advisory: ipa security, bug fix, and enhancement update
Notes
Topic
An update for ipa is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)
Security Fix(es):
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)
* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ipa is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.\n\nThe following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3936",
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1404770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404770"
},
{
"category": "external",
"summary": "1545755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545755"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1754902",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1754902"
},
{
"category": "external",
"summary": "1755535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755535"
},
{
"category": "external",
"summary": "1756568",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1756568"
},
{
"category": "external",
"summary": "1758406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758406"
},
{
"category": "external",
"summary": "1769791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769791"
},
{
"category": "external",
"summary": "1771356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771356"
},
{
"category": "external",
"summary": "1780548",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1780548"
},
{
"category": "external",
"summary": "1782587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782587"
},
{
"category": "external",
"summary": "1788718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788718"
},
{
"category": "external",
"summary": "1788907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788907"
},
{
"category": "external",
"summary": "1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "1795890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795890"
},
{
"category": "external",
"summary": "1801791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801791"
},
{
"category": "external",
"summary": "1817886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817886"
},
{
"category": "external",
"summary": "1817918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817918"
},
{
"category": "external",
"summary": "1817919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817919"
},
{
"category": "external",
"summary": "1817922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817922"
},
{
"category": "external",
"summary": "1817923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817923"
},
{
"category": "external",
"summary": "1817927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817927"
},
{
"category": "external",
"summary": "1819725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819725"
},
{
"category": "external",
"summary": "1825829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825829"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1829787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829787"
},
{
"category": "external",
"summary": "1834385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834385"
},
{
"category": "external",
"summary": "1842950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842950"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3936.json"
}
],
"title": "Red Hat Security Advisory: ipa security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T14:43:09+00:00",
"generator": {
"date": "2024-11-22T14:43:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:3936",
"initial_release_date": "2020-09-29T21:12:26+00:00",
"revision_history": [
{
"date": "2020-09-29T21:12:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-09-29T21:12:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:43:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-0:4.6.8-5.el7.src",
"product": {
"name": "ipa-0:4.6.8-5.el7.src",
"product_id": "ipa-0:4.6.8-5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa@4.6.8-5.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-client-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-server-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.6.8-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.6.8-5.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-common-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch",
"product_id": "ipa-client-common-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-common@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-common-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-common-0:4.6.8-5.el7.noarch",
"product_id": "ipa-common-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-common@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"product_id": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-python-compat@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"product": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"product_id": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ipaclient@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ipalib-0:4.6.8-5.el7.noarch",
"product": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch",
"product_id": "python2-ipalib-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ipalib@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-common-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch",
"product_id": "ipa-server-common-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-common@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"product_id": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-dns@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"product": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"product_id": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ipaserver@4.6.8-5.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.s390x",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.s390x",
"product_id": "ipa-client-0:4.6.8-5.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.ppc64",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64",
"product_id": "ipa-client-0:4.6.8-5.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.ppc64le",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le",
"product_id": "ipa-client-0:4.6.8-5.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2018-20676",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668082"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip data-viewport attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20676"
},
{
"category": "external",
"summary": "RHBZ#1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip data-viewport attribute"
},
{
"cve": "CVE-2018-20677",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668089"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the affix configuration target property",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20677"
},
{
"category": "external",
"summary": "RHBZ#1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the affix configuration target property"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1722",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in IPA. When sending a very long password (\u003e= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ipa: No password length restriction leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1722"
},
{
"category": "external",
"summary": "RHBZ#1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722"
}
],
"release_date": "2020-04-14T04:26:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ipa: No password length restriction leads to denial of service"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
}
]
}
RHSA-2023:0554
Vulnerability from csaf_redhat
Published
2023-01-31 13:15
Modified
2025-02-14 16:58
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
(CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM
manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
(CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
(CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability
(CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute
(CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator
(CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
(CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data
(CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0554",
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-23928",
"url": "https://issues.redhat.com/browse/JBEAP-23928"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0554.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2025-02-14T16:58:33+00:00",
"generator": {
"date": "2025-02-14T16:58:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2023:0554",
"initial_release_date": "2023-01-31T13:15:23+00:00",
"revision_history": [
{
"date": "2023-01-31T13:15:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:15:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-14T16:58:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
rhsa-2023_0554
Vulnerability from csaf_redhat
Published
2023-01-31 13:15
Modified
2024-12-16 02:20
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
(CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM
manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
(CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
(CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability
(CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute
(CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator
(CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
(CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data
(CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0554",
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-23928",
"url": "https://issues.redhat.com/browse/JBEAP-23928"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0554.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2024-12-16T02:20:06+00:00",
"generator": {
"date": "2024-12-16T02:20:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:0554",
"initial_release_date": "2023-01-31T13:15:23+00:00",
"revision_history": [
{
"date": "2023-01-31T13:15:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:15:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-16T02:20:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:23+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
RHSA-2023:0552
Vulnerability from csaf_redhat
Published
2023-01-31 13:15
Modified
2025-02-14 16:58
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0552",
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-23926",
"url": "https://issues.redhat.com/browse/JBEAP-23926"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0552.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2025-02-14T16:58:44+00:00",
"generator": {
"date": "2025-02-14T16:58:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2023:0552",
"initial_release_date": "2023-01-31T13:15:22+00:00",
"revision_history": [
{
"date": "2023-01-31T13:15:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:15:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-14T16:58:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:15:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
rhsa-2023:0556
Vulnerability from csaf_redhat
Published
2023-01-31 13:18
Modified
2025-02-14 16:58
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM
manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0556",
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0556.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2025-02-14T16:58:23+00:00",
"generator": {
"date": "2025-02-14T16:58:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2023:0556",
"initial_release_date": "2023-01-31T13:18:26+00:00",
"revision_history": [
{
"date": "2023-01-31T13:18:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:18:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-14T16:58:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
RHSA-2020:0983
Vulnerability from csaf_redhat
Published
2020-03-26 15:46
Modified
2025-02-02 20:20
Summary
Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update
Notes
Topic
A minor version update (from 7.5 to 7.6) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added; also added golang CVE descriptions that were unintentionally ommitted from the original publication]
Details
This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* golang: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* undertow: HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)
* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* golang: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* undertow: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)
* undertow: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
* undertow: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
* spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
* xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)
* js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)
* apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)
* spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)
* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)
* shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)
* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)
* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)
* springframework: DoS Attack via Range Requests (CVE-2018-15756)
* c3p0: loading XML configuration leads to denial of service (CVE-2019-5427)
* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A minor version update (from 7.5 to 7.6) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added; also added golang CVE descriptions that were unintentionally ommitted from the original publication]",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* golang: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* undertow: HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* golang: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* undertow: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* undertow: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* undertow: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)\n\n* spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)\n\n* js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)\n\n* apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)\n\n* spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)\n\n* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)\n\n* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)\n\n* springframework: DoS Attack via Range Requests (CVE-2018-15756)\n\n* c3p0: loading XML configuration leads to denial of service (CVE-2019-5427)\n\n* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0983",
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.6.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1432858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432858"
},
{
"category": "external",
"summary": "1591854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591854"
},
{
"category": "external",
"summary": "1618573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618573"
},
{
"category": "external",
"summary": "1643043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643043"
},
{
"category": "external",
"summary": "1693777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777"
},
{
"category": "external",
"summary": "1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "external",
"summary": "1709860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709860"
},
{
"category": "external",
"summary": "1713068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713068"
},
{
"category": "external",
"summary": "1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "1725807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"category": "external",
"summary": "1728993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728993"
},
{
"category": "external",
"summary": "1730316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730316"
},
{
"category": "external",
"summary": "1735645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"category": "external",
"summary": "1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "1735744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"category": "external",
"summary": "1735745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"category": "external",
"summary": "1735749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735749"
},
{
"category": "external",
"summary": "1737517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"category": "external",
"summary": "1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "1752962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752962"
},
{
"category": "external",
"summary": "1774726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774726"
},
{
"category": "external",
"summary": "1775193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775193"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0983.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update",
"tracking": {
"current_release_date": "2025-02-02T20:20:12+00:00",
"generator": {
"date": "2025-02-02T20:20:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2020:0983",
"initial_release_date": "2020-03-26T15:46:59+00:00",
"revision_history": [
{
"date": "2020-03-26T15:46:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-20T07:19:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-02T20:20:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 7.6.0",
"product": {
"name": "Red Hat Fuse 7.6.0",
"product_id": "Red Hat Fuse 7.6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2017-5929",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1432858"
}
],
"notes": [
{
"category": "description",
"text": "It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: Serialization vulnerability in SocketServer and ServerSocketReceiver",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5929"
},
{
"category": "external",
"summary": "RHBZ#1432858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432858"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5929",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5929"
}
],
"release_date": "2017-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: Serialization vulnerability in SocketServer and ServerSocketReceiver"
},
{
"cve": "CVE-2017-16012",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-06-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1591854"
}
],
"notes": [
{
"category": "description",
"text": "[REJECTED CVE] This CVE has been rejected. This candidate is a duplicate of CVE-2015-9251. Note: All CVE users should reference CVE-2015-9251 instead of this candidate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-jquery: XSS in responses from cross-origin ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-16012"
},
{
"category": "external",
"summary": "RHBZ#1591854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16012"
}
],
"release_date": "2017-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "js-jquery: XSS in responses from cross-origin ajax requests"
},
{
"cve": "CVE-2018-11771",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618573"
}
],
"notes": [
{
"category": "description",
"text": "When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17\u0027s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress\u0027 zip package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11771"
},
{
"category": "external",
"summary": "RHBZ#1618573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618573"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11771"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E",
"url": "https://lists.apache.org/thread.html/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E"
}
],
"release_date": "2018-08-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip"
},
{
"cve": "CVE-2018-12536",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2018-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1597418"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn\u0027t match a dynamic url-pattern, and is eventually handled by the DefaultServlet\u0027s static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: full server path revealed when using the default Error Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12536"
},
{
"category": "external",
"summary": "RHBZ#1597418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12536",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12536"
}
],
"release_date": "2018-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "Information disclosure occurs when java.nio.file.InvalidPathException occurs and is handled by the default Jetty error handler. To protect against this, a custom error handler can be configured for that particular error or for a larger set of errors according to the documentation link below. Red Hat Product Security advises that production deployments on Jetty use custom error handlers to limit the information disclosed and to ensure effective logging of error conditions.\n\nhttp://www.eclipse.org/jetty/documentation/current/custom-error-pages.html",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: full server path revealed when using the default Error Handling"
},
{
"cve": "CVE-2018-15756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1643043"
}
],
"notes": [
{
"category": "description",
"text": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: DoS Attack via Range Requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package rhvm-dependencies does not include the vulnerable spring-webmvc component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-15756"
},
{
"category": "external",
"summary": "RHBZ#1643043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-15756",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15756"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2018-15756",
"url": "https://pivotal.io/security/cve-2018-15756"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "springframework: DoS Attack via Range Requests"
},
{
"cve": "CVE-2019-3802",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730316"
}
],
"notes": [
{
"category": "description",
"text": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3802"
},
{
"category": "external",
"summary": "RHBZ#1730316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730316"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3802"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2019-3802",
"url": "https://pivotal.io/security/cve-2019-3802"
}
],
"release_date": "2019-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher"
},
{
"acknowledgments": [
{
"names": [
"Carter Kozak"
]
}
],
"cve": "CVE-2019-3888",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693777"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3888"
},
{
"category": "external",
"summary": "RHBZ#1693777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888"
}
],
"release_date": "2019-06-10T15:13:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed"
},
{
"cve": "CVE-2019-5427",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2019-04-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1709860"
}
],
"notes": [
{
"category": "description",
"text": "c3p0 version \u003c 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "c3p0: loading XML configuration leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not vulnerable to this issue, because the candlepin component who uses the c3p0 jar never passes a XML configuration file to c3p0, even though it includes a vulnerable version of the latter. Since this issue requires a XML files to be loaded by c3p0, an exploitation path doesn\u0027t exist.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5427"
},
{
"category": "external",
"summary": "RHBZ#1709860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5427",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5427"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5427",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5427"
}
],
"release_date": "2019-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "c3p0: loading XML configuration leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9512",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PING frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "RHBZ#1735645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg",
"url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PING frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9513",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "RHBZ#1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
"url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9514",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735744"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using HEADERS frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "RHBZ#1735744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg",
"url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using HEADERS frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9515",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735745"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "RHBZ#1735745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth"
},
{
"cve": "CVE-2019-9516",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: 0-length headers lead to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "RHBZ#1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
"url": "https://github.com/nghttp2/nghttp2/issues/1382#"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: 0-length headers lead to denial of service"
},
{
"cve": "CVE-2019-9517",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741868"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: request for large response leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "RHBZ#1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: request for large response leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using empty frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "RHBZ#1735749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using empty frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-10174",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2018-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1703469"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan\u0027s privileges. The attacker can use reflection to introduce new, malicious behavior into the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight contains the vulnerable library. This library is a requirement of other dependencies (Karaf and Hibernate). Under supported deployments, the vulnerable functionality is not utilized. Based on this, no OpenDaylight versions will not be fixed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10174"
},
{
"category": "external",
"summary": "RHBZ#1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174"
}
],
"release_date": "2019-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "There is no known mitigation for this issue.",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods"
},
{
"acknowledgments": [
{
"names": [
"Christian Schl\u00fcter"
],
"organization": "Viada"
}
],
"cve": "CVE-2019-10184",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2019-03-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713068"
}
],
"notes": [
{
"category": "description",
"text": "undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Information leak in requests for directories without trailing slashes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10184"
},
{
"category": "external",
"summary": "RHBZ#1713068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713068"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10184",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10184"
}
],
"release_date": "2019-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undertow: Information leak in requests for directories without trailing slashes"
},
{
"cve": "CVE-2019-10241",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705924"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jetty which is embedded in the nutch package as shipped with Red Hat Satellite 5. The jetty server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low in the context of Red Hat Satellite 5. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10241"
},
{
"category": "external",
"summary": "RHBZ#1705924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10241"
}
],
"release_date": "2019-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions"
},
{
"cve": "CVE-2019-10247",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705993"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: error path information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jetty which is embedded in the nutch package as shipped with Red Hat Satellite 5. The jetty server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low in the context of Red Hat Satellite 5. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10247"
},
{
"category": "external",
"summary": "RHBZ#1705993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705993"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10247",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10247"
}
],
"release_date": "2019-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: error path information disclosure"
},
{
"cve": "CVE-2019-11272",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2019-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728993"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Security in several versions, in the use of plain text passwords using the PlaintextPasswordEncoder. If an application is using an affected version of Spring Security with the PlaintextPasswordEncoder and a user has a null encoded password, an attacker can use this flaw to authenticate using a password of \"null.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: mishandling of user passwords allows logging in with a password of NULL",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight versions 9 and 10 contain the vulnerable code. However, these OpenDaylight versions were released as technical preview with limited support and will therefore not be updated. Other OpenDaylight versions do not contain the vulnerable library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11272"
},
{
"category": "external",
"summary": "RHBZ#1728993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728993"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11272",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11272"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11272",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11272"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2019-11272",
"url": "https://pivotal.io/security/cve-2019-11272"
}
],
"release_date": "2019-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security-core: mishandling of user passwords allows logging in with a password of NULL"
},
{
"cve": "CVE-2019-12384",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725807"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack\u0027s OpenDaylight does not use logback in any supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nThis vulnerability relies on logback-core (ch.qos.logback.core) being present in the application\u0027s ClassPath. Logback-core is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use logback-core are not impacted by this vulnerability.\n\nThis issue affects the versions of jackson-databind bundled with candlepin as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12384"
},
{
"category": "external",
"summary": "RHBZ#1725807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution"
},
{
"cve": "CVE-2019-12422",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1774726"
}
],
"notes": [
{
"category": "description",
"text": "Apache Shiro before 1.4.2, when using the default \"remember me\" configuration, cookies could be susceptible to a padding attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shiro: Cookie padding oracle vulnerability with default configuration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12422"
},
{
"category": "external",
"summary": "RHBZ#1774726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12422",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12422"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12422",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12422"
}
],
"release_date": "2019-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "shiro: Cookie padding oracle vulnerability with default configuration"
},
{
"cve": "CVE-2019-12814",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725795"
}
],
"notes": [
{
"category": "description",
"text": "A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Red Hat Satellite 6 does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability. \n* Red Hat OpenStack\u0027s OpenDaylight does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12814"
},
{
"category": "external",
"summary": "RHBZ#1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814"
}
],
"release_date": "2019-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "This vulnerability relies on jdom (org.jdom) or jdom2 (org.jdom2) being present in the application\u0027s ClassPath. Applications using jackson-databind that do not also use jdom or jdom2 are not impacted by this vulnerability.",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message."
},
{
"cve": "CVE-2019-14379",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-07-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1737517"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: default typing mishandling leading to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nSimilarly, Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14379"
},
{
"category": "external",
"summary": "RHBZ#1737517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379"
}
],
"release_date": "2019-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: default typing mishandling leading to remote code execution"
},
{
"cve": "CVE-2019-14439",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752962"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Polymorphic typing issue related to logback/JNDI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight provided as part of Red Hat OpenStack does not utilize logback when used in a supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14439"
},
{
"category": "external",
"summary": "RHBZ#1752962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14439",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14439"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Polymorphic typing issue related to logback/JNDI"
},
{
"acknowledgments": [
{
"names": [
"Guillaume Teissier"
],
"organization": "Orange"
}
],
"cve": "CVE-2019-17570",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775193"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC, performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7 provides vulnerable version of xmlrpc via the Optional repository. As the Optional repository is not supported, this issue is not planned to be addressed there.\n\nRed Hat Virtualization Manager uses xmlrpc only for internal communication with the scheduler. Since this is a component of the Manager itself, it is not subject to attacker influence and does not represent an attack surface.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17570"
},
{
"category": "external",
"summary": "RHBZ#1775193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17570",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17570"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17570",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17570"
},
{
"category": "external",
"summary": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the Apache XMLRPC client library from sending requests to untrusted XMLRPC servers.",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response"
}
]
}
rhsa-2020:0729
Vulnerability from csaf_redhat
Published
2020-03-05 13:12
Modified
2024-11-15 04:15
Summary
Red Hat Security Advisory: Red Hat Data Grid 7.3.5 security update
Notes
Topic
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat Data Grid 7.3.4 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)
* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Data Grid is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.\n\nThis release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat Data Grid 7.3.4 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.\n\nSecurity Fix(es):\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)\n\n* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0729",
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=7.3\u0026downloadType=patches",
"url": "https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=7.3\u0026downloadType=patches"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0729.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Data Grid 7.3.5 security update",
"tracking": {
"current_release_date": "2024-11-15T04:15:49+00:00",
"generator": {
"date": "2024-11-15T04:15:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:0729",
"initial_release_date": "2020-03-05T13:12:44+00:00",
"revision_history": [
{
"date": "2020-03-05T13:12:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-03-05T13:12:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T04:15:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Data Grid 7.3.5",
"product": {
"name": "Red Hat Data Grid 7.3.5",
"product_id": "Red Hat Data Grid 7.3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Data Grid"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"acknowledgments": [
{
"names": [
"Henning Baldersheim",
"H\u00e5vard Pettersen"
],
"organization": "Verizon Media"
}
],
"cve": "CVE-2019-14888",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772464"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14888"
},
{
"category": "external",
"summary": "RHBZ#1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
}
],
"release_date": "2020-01-20T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "workaround",
"details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Data Grid 7.3.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat Data Grid 7.3.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
}
]
}
RHSA-2023:0556
Vulnerability from csaf_redhat
Published
2023-01-31 13:18
Modified
2025-02-14 16:58
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM
manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0556",
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0556.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2025-02-14T16:58:23+00:00",
"generator": {
"date": "2025-02-14T16:58:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2023:0556",
"initial_release_date": "2023-01-31T13:18:26+00:00",
"revision_history": [
{
"date": "2023-01-31T13:18:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:18:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-14T16:58:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:18:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
rhsa-2020_0983
Vulnerability from csaf_redhat
Published
2020-03-26 15:46
Modified
2024-12-15 18:56
Summary
Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update
Notes
Topic
A minor version update (from 7.5 to 7.6) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added; also added golang CVE descriptions that were unintentionally ommitted from the original publication]
Details
This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* golang: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* undertow: HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)
* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* golang: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* undertow: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)
* undertow: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
* undertow: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
* spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
* xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)
* js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)
* apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)
* spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)
* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)
* shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)
* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)
* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)
* springframework: DoS Attack via Range Requests (CVE-2018-15756)
* c3p0: loading XML configuration leads to denial of service (CVE-2019-5427)
* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A minor version update (from 7.5 to 7.6) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[2020-04-17 update: descriptions for mutiple components fixed for the same CVE added; also added golang CVE descriptions that were unintentionally ommitted from the original publication]",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* golang: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* undertow: HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* golang: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* undertow: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* undertow: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* undertow: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)\n\n* spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)\n\n* js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)\n\n* apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)\n\n* spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)\n\n* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)\n\n* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)\n\n* springframework: DoS Attack via Range Requests (CVE-2018-15756)\n\n* c3p0: loading XML configuration leads to denial of service (CVE-2019-5427)\n\n* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0983",
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.6.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1432858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432858"
},
{
"category": "external",
"summary": "1591854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591854"
},
{
"category": "external",
"summary": "1618573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618573"
},
{
"category": "external",
"summary": "1643043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643043"
},
{
"category": "external",
"summary": "1693777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777"
},
{
"category": "external",
"summary": "1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "external",
"summary": "1709860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709860"
},
{
"category": "external",
"summary": "1713068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713068"
},
{
"category": "external",
"summary": "1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "1725807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"category": "external",
"summary": "1728993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728993"
},
{
"category": "external",
"summary": "1730316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730316"
},
{
"category": "external",
"summary": "1735645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"category": "external",
"summary": "1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "1735744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"category": "external",
"summary": "1735745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"category": "external",
"summary": "1735749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735749"
},
{
"category": "external",
"summary": "1737517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"category": "external",
"summary": "1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "1752962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752962"
},
{
"category": "external",
"summary": "1774726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774726"
},
{
"category": "external",
"summary": "1775193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775193"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0983.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update",
"tracking": {
"current_release_date": "2024-12-15T18:56:11+00:00",
"generator": {
"date": "2024-12-15T18:56:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2020:0983",
"initial_release_date": "2020-03-26T15:46:59+00:00",
"revision_history": [
{
"date": "2020-03-26T15:46:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-20T07:19:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-15T18:56:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 7.6.0",
"product": {
"name": "Red Hat Fuse 7.6.0",
"product_id": "Red Hat Fuse 7.6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2017-5929",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1432858"
}
],
"notes": [
{
"category": "description",
"text": "It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: Serialization vulnerability in SocketServer and ServerSocketReceiver",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5929"
},
{
"category": "external",
"summary": "RHBZ#1432858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432858"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5929",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5929"
}
],
"release_date": "2017-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: Serialization vulnerability in SocketServer and ServerSocketReceiver"
},
{
"cve": "CVE-2017-16012",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-06-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1591854"
}
],
"notes": [
{
"category": "description",
"text": "[REJECTED CVE] This CVE has been rejected. This candidate is a duplicate of CVE-2015-9251. Note: All CVE users should reference CVE-2015-9251 instead of this candidate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-jquery: XSS in responses from cross-origin ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-16012"
},
{
"category": "external",
"summary": "RHBZ#1591854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16012"
}
],
"release_date": "2017-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "js-jquery: XSS in responses from cross-origin ajax requests"
},
{
"cve": "CVE-2018-11771",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618573"
}
],
"notes": [
{
"category": "description",
"text": "When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17\u0027s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress\u0027 zip package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11771"
},
{
"category": "external",
"summary": "RHBZ#1618573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618573"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11771"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E",
"url": "https://lists.apache.org/thread.html/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E"
}
],
"release_date": "2018-08-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip"
},
{
"cve": "CVE-2018-12536",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2018-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1597418"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn\u0027t match a dynamic url-pattern, and is eventually handled by the DefaultServlet\u0027s static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: full server path revealed when using the default Error Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12536"
},
{
"category": "external",
"summary": "RHBZ#1597418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12536",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12536"
}
],
"release_date": "2018-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "Information disclosure occurs when java.nio.file.InvalidPathException occurs and is handled by the default Jetty error handler. To protect against this, a custom error handler can be configured for that particular error or for a larger set of errors according to the documentation link below. Red Hat Product Security advises that production deployments on Jetty use custom error handlers to limit the information disclosed and to ensure effective logging of error conditions.\n\nhttp://www.eclipse.org/jetty/documentation/current/custom-error-pages.html",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: full server path revealed when using the default Error Handling"
},
{
"cve": "CVE-2018-15756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1643043"
}
],
"notes": [
{
"category": "description",
"text": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: DoS Attack via Range Requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package rhvm-dependencies does not include the vulnerable spring-webmvc component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-15756"
},
{
"category": "external",
"summary": "RHBZ#1643043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-15756",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15756"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2018-15756",
"url": "https://pivotal.io/security/cve-2018-15756"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "springframework: DoS Attack via Range Requests"
},
{
"cve": "CVE-2019-3802",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730316"
}
],
"notes": [
{
"category": "description",
"text": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3802"
},
{
"category": "external",
"summary": "RHBZ#1730316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730316"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3802"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2019-3802",
"url": "https://pivotal.io/security/cve-2019-3802"
}
],
"release_date": "2019-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher"
},
{
"acknowledgments": [
{
"names": [
"Carter Kozak"
]
}
],
"cve": "CVE-2019-3888",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2019-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1693777"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-3888"
},
{
"category": "external",
"summary": "RHBZ#1693777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-3888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888"
}
],
"release_date": "2019-06-10T15:13:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed"
},
{
"cve": "CVE-2019-5427",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2019-04-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1709860"
}
],
"notes": [
{
"category": "description",
"text": "c3p0 version \u003c 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "c3p0: loading XML configuration leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 is not vulnerable to this issue, because the candlepin component who uses the c3p0 jar never passes a XML configuration file to c3p0, even though it includes a vulnerable version of the latter. Since this issue requires a XML files to be loaded by c3p0, an exploitation path doesn\u0027t exist.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5427"
},
{
"category": "external",
"summary": "RHBZ#1709860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5427",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5427"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5427",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5427"
}
],
"release_date": "2019-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "c3p0: loading XML configuration leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9512",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PING frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "RHBZ#1735645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg",
"url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PING frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9513",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "RHBZ#1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
"url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9514",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735744"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using HEADERS frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "RHBZ#1735744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg",
"url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using HEADERS frames results in unbounded memory growth"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9515",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735745"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of grafana(embeds gRPC) as shipped with Red Hat Ceph Storage 3 as it include the support for HTTP/2.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "RHBZ#1735745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html",
"url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth"
},
{
"cve": "CVE-2019-9516",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: 0-length headers lead to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "RHBZ#1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
"url": "https://github.com/nghttp2/nghttp2/issues/1382#"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: 0-length headers lead to denial of service"
},
{
"cve": "CVE-2019-9517",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741868"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: request for large response leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "RHBZ#1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: request for large response leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using empty frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "RHBZ#1735749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using empty frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-10174",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2018-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1703469"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan\u0027s privileges. The attacker can use reflection to introduce new, malicious behavior into the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight contains the vulnerable library. This library is a requirement of other dependencies (Karaf and Hibernate). Under supported deployments, the vulnerable functionality is not utilized. Based on this, no OpenDaylight versions will not be fixed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10174"
},
{
"category": "external",
"summary": "RHBZ#1703469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174"
}
],
"release_date": "2019-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "There is no known mitigation for this issue.",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods"
},
{
"acknowledgments": [
{
"names": [
"Christian Schl\u00fcter"
],
"organization": "Viada"
}
],
"cve": "CVE-2019-10184",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2019-03-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713068"
}
],
"notes": [
{
"category": "description",
"text": "undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Information leak in requests for directories without trailing slashes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10184"
},
{
"category": "external",
"summary": "RHBZ#1713068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713068"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10184",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10184"
}
],
"release_date": "2019-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undertow: Information leak in requests for directories without trailing slashes"
},
{
"cve": "CVE-2019-10241",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705924"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jetty which is embedded in the nutch package as shipped with Red Hat Satellite 5. The jetty server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low in the context of Red Hat Satellite 5. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10241"
},
{
"category": "external",
"summary": "RHBZ#1705924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10241"
}
],
"release_date": "2019-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions"
},
{
"cve": "CVE-2019-10247",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705993"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: error path information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jetty which is embedded in the nutch package as shipped with Red Hat Satellite 5. The jetty server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low in the context of Red Hat Satellite 5. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10247"
},
{
"category": "external",
"summary": "RHBZ#1705993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705993"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10247",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10247"
}
],
"release_date": "2019-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jetty: error path information disclosure"
},
{
"cve": "CVE-2019-11272",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2019-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1728993"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Security in several versions, in the use of plain text passwords using the PlaintextPasswordEncoder. If an application is using an affected version of Spring Security with the PlaintextPasswordEncoder and a user has a null encoded password, an attacker can use this flaw to authenticate using a password of \"null.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: mishandling of user passwords allows logging in with a password of NULL",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight versions 9 and 10 contain the vulnerable code. However, these OpenDaylight versions were released as technical preview with limited support and will therefore not be updated. Other OpenDaylight versions do not contain the vulnerable library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11272"
},
{
"category": "external",
"summary": "RHBZ#1728993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728993"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11272",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11272"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11272",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11272"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2019-11272",
"url": "https://pivotal.io/security/cve-2019-11272"
}
],
"release_date": "2019-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security-core: mishandling of user passwords allows logging in with a password of NULL"
},
{
"cve": "CVE-2019-12384",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725807"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. Depending on the classpath content, remote code execution may be possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack\u0027s OpenDaylight does not use logback in any supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nThis vulnerability relies on logback-core (ch.qos.logback.core) being present in the application\u0027s ClassPath. Logback-core is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use logback-core are not impacted by this vulnerability.\n\nThis issue affects the versions of jackson-databind bundled with candlepin as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12384"
},
{
"category": "external",
"summary": "RHBZ#1725807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12384"
}
],
"release_date": "2019-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution"
},
{
"cve": "CVE-2019-12422",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-11-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1774726"
}
],
"notes": [
{
"category": "description",
"text": "Apache Shiro before 1.4.2, when using the default \"remember me\" configuration, cookies could be susceptible to a padding attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shiro: Cookie padding oracle vulnerability with default configuration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12422"
},
{
"category": "external",
"summary": "RHBZ#1774726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12422",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12422"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12422",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12422"
}
],
"release_date": "2019-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "shiro: Cookie padding oracle vulnerability with default configuration"
},
{
"cve": "CVE-2019-12814",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725795"
}
],
"notes": [
{
"category": "description",
"text": "A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Red Hat Satellite 6 does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability. \n* Red Hat OpenStack\u0027s OpenDaylight does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12814"
},
{
"category": "external",
"summary": "RHBZ#1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814"
}
],
"release_date": "2019-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "This vulnerability relies on jdom (org.jdom) or jdom2 (org.jdom2) being present in the application\u0027s ClassPath. Applications using jackson-databind that do not also use jdom or jdom2 are not impacted by this vulnerability.",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message."
},
{
"cve": "CVE-2019-14379",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-07-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1737517"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: default typing mishandling leading to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nSimilarly, Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14379"
},
{
"category": "external",
"summary": "RHBZ#1737517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379"
}
],
"release_date": "2019-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: default typing mishandling leading to remote code execution"
},
{
"cve": "CVE-2019-14439",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752962"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Polymorphic typing issue related to logback/JNDI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight provided as part of Red Hat OpenStack does not utilize logback when used in a supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14439"
},
{
"category": "external",
"summary": "RHBZ#1752962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14439",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14439"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Polymorphic typing issue related to logback/JNDI"
},
{
"acknowledgments": [
{
"names": [
"Guillaume Teissier"
],
"organization": "Orange"
}
],
"cve": "CVE-2019-17570",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-11-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1775193"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC, performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7 provides vulnerable version of xmlrpc via the Optional repository. As the Optional repository is not supported, this issue is not planned to be addressed there.\n\nRed Hat Virtualization Manager uses xmlrpc only for internal communication with the scheduler. Since this is a component of the Manager itself, it is not subject to attacker influence and does not represent an attack surface.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.6.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17570"
},
{
"category": "external",
"summary": "RHBZ#1775193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17570",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17570"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17570",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17570"
},
{
"category": "external",
"summary": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp"
}
],
"release_date": "2020-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-26T15:46:59+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.6.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/",
"product_ids": [
"Red Hat Fuse 7.6.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the Apache XMLRPC client library from sending requests to untrusted XMLRPC servers.",
"product_ids": [
"Red Hat Fuse 7.6.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.6.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response"
}
]
}
rhsa-2023:0553
Vulnerability from csaf_redhat
Published
2023-01-31 13:12
Modified
2025-02-14 16:58
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
(CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM
manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
(CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
(CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability
(CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of
Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute
(CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator
(CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
(CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data
(CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0553",
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-23864",
"url": "https://issues.redhat.com/browse/JBEAP-23864"
},
{
"category": "external",
"summary": "JBEAP-23865",
"url": "https://issues.redhat.com/browse/JBEAP-23865"
},
{
"category": "external",
"summary": "JBEAP-23866",
"url": "https://issues.redhat.com/browse/JBEAP-23866"
},
{
"category": "external",
"summary": "JBEAP-23927",
"url": "https://issues.redhat.com/browse/JBEAP-23927"
},
{
"category": "external",
"summary": "JBEAP-24055",
"url": "https://issues.redhat.com/browse/JBEAP-24055"
},
{
"category": "external",
"summary": "JBEAP-24081",
"url": "https://issues.redhat.com/browse/JBEAP-24081"
},
{
"category": "external",
"summary": "JBEAP-24095",
"url": "https://issues.redhat.com/browse/JBEAP-24095"
},
{
"category": "external",
"summary": "JBEAP-24100",
"url": "https://issues.redhat.com/browse/JBEAP-24100"
},
{
"category": "external",
"summary": "JBEAP-24127",
"url": "https://issues.redhat.com/browse/JBEAP-24127"
},
{
"category": "external",
"summary": "JBEAP-24128",
"url": "https://issues.redhat.com/browse/JBEAP-24128"
},
{
"category": "external",
"summary": "JBEAP-24132",
"url": "https://issues.redhat.com/browse/JBEAP-24132"
},
{
"category": "external",
"summary": "JBEAP-24147",
"url": "https://issues.redhat.com/browse/JBEAP-24147"
},
{
"category": "external",
"summary": "JBEAP-24167",
"url": "https://issues.redhat.com/browse/JBEAP-24167"
},
{
"category": "external",
"summary": "JBEAP-24191",
"url": "https://issues.redhat.com/browse/JBEAP-24191"
},
{
"category": "external",
"summary": "JBEAP-24195",
"url": "https://issues.redhat.com/browse/JBEAP-24195"
},
{
"category": "external",
"summary": "JBEAP-24207",
"url": "https://issues.redhat.com/browse/JBEAP-24207"
},
{
"category": "external",
"summary": "JBEAP-24248",
"url": "https://issues.redhat.com/browse/JBEAP-24248"
},
{
"category": "external",
"summary": "JBEAP-24426",
"url": "https://issues.redhat.com/browse/JBEAP-24426"
},
{
"category": "external",
"summary": "JBEAP-24427",
"url": "https://issues.redhat.com/browse/JBEAP-24427"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0553.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"tracking": {
"current_release_date": "2025-02-14T16:58:54+00:00",
"generator": {
"date": "2025-02-14T16:58:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2023:0553",
"initial_release_date": "2023-01-31T13:12:13+00:00",
"revision_history": [
{
"date": "2023-01-31T13:12:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-31T13:12:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-14T16:58:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-1.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.22-1.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.2-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.49-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-6.SP07_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.13-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-24.Final_redhat_00023.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2017-18214",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553413"
}
],
"notes": [
{
"category": "description",
"text": "The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-moment: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18214"
},
{
"category": "external",
"summary": "RHBZ#1553413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553413"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18214"
}
],
"release_date": "2017-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-moment: Regular expression denial of service"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14041"
},
{
"category": "external",
"summary": "RHBZ#1601616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-31T13:12:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.13-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.13-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-1.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.49-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-6.SP07_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-24.Final_redhat_00023.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-24.Final_redhat_00023.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jettison-0:1.5.2-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.22-1.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
rhsa-2020:4670
Vulnerability from csaf_redhat
Published
2020-11-04 01:31
Modified
2024-11-22 14:43
Summary
Red Hat Security Advisory: idm:DL1 and idm:client security, bug fix, and enhancement update
Notes
Topic
An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)
Security Fix(es):
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4670",
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1430365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430365"
},
{
"category": "external",
"summary": "1488732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488732"
},
{
"category": "external",
"summary": "1585020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585020"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1651577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1651577"
},
{
"category": "external",
"summary": "1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701233",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701233"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1746830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1746830"
},
{
"category": "external",
"summary": "1750893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1750893"
},
{
"category": "external",
"summary": "1751295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1751295"
},
{
"category": "external",
"summary": "1757045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757045"
},
{
"category": "external",
"summary": "1759888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759888"
},
{
"category": "external",
"summary": "1768156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768156"
},
{
"category": "external",
"summary": "1777806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777806"
},
{
"category": "external",
"summary": "1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "1801698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801698"
},
{
"category": "external",
"summary": "1802471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802471"
},
{
"category": "external",
"summary": "1809835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809835"
},
{
"category": "external",
"summary": "1810154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810154"
},
{
"category": "external",
"summary": "1810179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810179"
},
{
"category": "external",
"summary": "1813330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813330"
},
{
"category": "external",
"summary": "1816784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816784"
},
{
"category": "external",
"summary": "1818765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818765"
},
{
"category": "external",
"summary": "1818877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818877"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1831732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831732"
},
{
"category": "external",
"summary": "1831935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831935"
},
{
"category": "external",
"summary": "1832331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832331"
},
{
"category": "external",
"summary": "1833266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833266"
},
{
"category": "external",
"summary": "1834264",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834264"
},
{
"category": "external",
"summary": "1834909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834909"
},
{
"category": "external",
"summary": "1845211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845211"
},
{
"category": "external",
"summary": "1845537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845537"
},
{
"category": "external",
"summary": "1845596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845596"
},
{
"category": "external",
"summary": "1846352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846352"
},
{
"category": "external",
"summary": "1846434",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846434"
},
{
"category": "external",
"summary": "1847999",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847999"
},
{
"category": "external",
"summary": "1849914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849914"
},
{
"category": "external",
"summary": "1851411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851411"
},
{
"category": "external",
"summary": "1852244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852244"
},
{
"category": "external",
"summary": "1853263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853263"
},
{
"category": "external",
"summary": "1857157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857157"
},
{
"category": "external",
"summary": "1858318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858318"
},
{
"category": "external",
"summary": "1859213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859213"
},
{
"category": "external",
"summary": "1863079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1863079"
},
{
"category": "external",
"summary": "1863616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1863616"
},
{
"category": "external",
"summary": "1866291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866291"
},
{
"category": "external",
"summary": "1866938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866938"
},
{
"category": "external",
"summary": "1868432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868432"
},
{
"category": "external",
"summary": "1869311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869311"
},
{
"category": "external",
"summary": "1870202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870202"
},
{
"category": "external",
"summary": "1874015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874015"
},
{
"category": "external",
"summary": "1875348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875348"
},
{
"category": "external",
"summary": "1879604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879604"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4670.json"
}
],
"title": "Red Hat Security Advisory: idm:DL1 and idm:client security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T14:43:17+00:00",
"generator": {
"date": "2024-11-22T14:43:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4670",
"initial_release_date": "2020-11-04T01:31:18+00:00",
"revision_history": [
{
"date": "2020-11-04T01:31:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-04T01:31:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:43:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "idm:DL1:8030020200923172343:9c827e52",
"product": {
"name": "idm:DL1:8030020200923172343:9c827e52",
"product_id": "idm:DL1:8030020200923172343:9c827e52",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/idm@DL1:8030020200923172343:9c827e52"
}
}
},
{
"category": "product_version",
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_id": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/custodia@0.6.0-3.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-common@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-common@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_id": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck@0.4-6.module%2Bel8.3.0%2B7710%2Be2408ce4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_id": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck-core@0.4-6.module%2Bel8.3.0%2B7710%2Be2408ce4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-python-compat@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-selinux@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-common@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-dns@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-custodia@0.6.0-3.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipaclient@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipalib@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product": {
"name": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_id": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipaserver@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"product": {
"name": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"product_id": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-kdcproxy@0.4-5.module%2Bel8.2.0%2B4691%2Ba05b2456?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pyusb@1.0.0-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode@5.1-12.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode-core@5.1-12.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"product": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"product_id": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-yubico@1.3.2-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "idm:client:8030020200923172426:05ac3f11",
"product": {
"name": "idm:client:8030020200923172426:05ac3f11",
"product_id": "idm:client:8030020200923172426:05ac3f11",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/idm@client:8030020200923172426:05ac3f11"
}
}
},
{
"category": "product_version",
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-common@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-common@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"product": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"product_id": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck-core@0.4-6.module%2Bel8.3.0%2B7711%2Bc4441980?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-python-compat@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-selinux@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipaclient@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_id": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ipalib@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pyusb@1.0.0-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode@5.1-12.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qrcode-core@5.1-12.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"product": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_id": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-yubico@1.3.2-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=src"
}
}
},
{
"category": "product_version",
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"product_id": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/custodia@0.6.0-3.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"product": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"product_id": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"product": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"product_id": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck@0.4-6.module%2Bel8.3.0%2B7710%2Be2408ce4?arch=src"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"product_id": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"product": {
"name": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"product_id": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-kdcproxy@0.4-5.module%2Bel8.2.0%2B4691%2Ba05b2456?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"product_id": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-qrcode@5.1-12.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"product_id": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-yubico@1.3.2-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"product": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"product_id": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyusb@1.0.0-9.module%2Bel8.1.0%2B4098%2Bf286395e?arch=src"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=src"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"product": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"product_id": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=src"
}
}
},
{
"category": "product_version",
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"product": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"product_id": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-healthcheck@0.4-6.module%2Bel8.3.0%2B7711%2Bc4441980?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"product_id": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jwcrypto@0.5.0-1.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"product_id": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-qrcode@5.1-12.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"product_id": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-yubico@1.3.2-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
},
{
"category": "product_version",
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"product": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"product_id": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyusb@1.0.0-9.module%2Bel8.1.0%2B4107%2B4a66eb87?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_id": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_id": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debuginfo@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_id": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bind-dyndb-ldap-debugsource@11.3-1.module%2Bel8.3.0%2B6993%2B104f8db0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_id": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_id": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debuginfo@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_id": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/opendnssec-debugsource@2.1.6-2.module%2Bel8.3.0%2B6580%2B328a3362?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debuginfo@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_id": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slapi-nis-debugsource@0.56.5-4.module%2Bel8.3.0%2B8222%2Bc1bff54a?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debuginfo@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-debugsource@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_id": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/softhsm-devel@2.6.0-3.module%2Bel8.3.0%2B6909%2Bfb33717d?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-epn@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-samba@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_id": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debugsource@4.8.7-12.module%2Bel8.3.0%2B8223%2B6212645f?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
"product_reference": "idm:DL1:8030020200923172343:9c827e52",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64"
},
"product_reference": "bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64"
},
"product_reference": "bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64"
},
"product_reference": "bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src"
},
"product_reference": "ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch"
},
"product_reference": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src"
},
"product_reference": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch"
},
"product_reference": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64"
},
"product_reference": "opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64"
},
"product_reference": "opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64"
},
"product_reference": "opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src"
},
"product_reference": "python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch"
},
"product_reference": "python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch"
},
"product_reference": "python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch"
},
"product_reference": "python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src"
},
"product_reference": "pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64"
},
"product_reference": "slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64 as a component of idm:DL1:8030020200923172343:9c827e52 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64"
},
"product_reference": "softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
"product_reference": "idm:client:8030020200923172426:05ac3f11",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src"
},
"product_reference": "ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64 as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64"
},
"product_reference": "ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src"
},
"product_reference": "ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch"
},
"product_reference": "ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch"
},
"product_reference": "python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch"
},
"product_reference": "python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src as a component of idm:client:8030020200923172426:05ac3f11 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
},
"product_reference": "pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2018-20676",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668082"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip data-viewport attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20676"
},
{
"category": "external",
"summary": "RHBZ#1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip data-viewport attribute"
},
{
"cve": "CVE-2018-20677",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668089"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the affix configuration target property",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20677"
},
{
"category": "external",
"summary": "RHBZ#1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the affix configuration target property"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1722",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in IPA. When sending a very long password (\u003e= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ipa: No password length restriction leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1722"
},
{
"category": "external",
"summary": "RHBZ#1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722"
}
],
"release_date": "2020-04-14T04:26:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ipa: No password length restriction leads to denial of service"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e.noarch",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.src",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.s390x",
"AppStream-8.3.0.GA:idm:DL1:8030020200923172343:9c827e52:softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-0:4.8.7-12.module+el8.3.0+8223+6212645f.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.aarch64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.s390x",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f.x86_64",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-0:0.4-6.module+el8.3.0+7711+c4441980.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.src",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch",
"AppStream-8.3.0.GA:idm:client:8030020200923172426:05ac3f11:pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
}
]
}
rhsa-2020_0729
Vulnerability from csaf_redhat
Published
2020-03-05 13:12
Modified
2024-11-15 04:15
Summary
Red Hat Security Advisory: Red Hat Data Grid 7.3.5 security update
Notes
Topic
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat Data Grid 7.3.4 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)
* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Data Grid is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.\n\nThis release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat Data Grid 7.3.4 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.\n\nSecurity Fix(es):\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)\n\n* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)\n\n* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0729",
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=7.3\u0026downloadType=patches",
"url": "https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=7.3\u0026downloadType=patches"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0729.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Data Grid 7.3.5 security update",
"tracking": {
"current_release_date": "2024-11-15T04:15:49+00:00",
"generator": {
"date": "2024-11-15T04:15:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:0729",
"initial_release_date": "2020-03-05T13:12:44+00:00",
"revision_history": [
{
"date": "2020-03-05T13:12:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-03-05T13:12:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T04:15:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Data Grid 7.3.5",
"product": {
"name": "Red Hat Data Grid 7.3.5",
"product_id": "Red Hat Data Grid 7.3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Data Grid"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"acknowledgments": [
{
"names": [
"Henning Baldersheim",
"H\u00e5vard Pettersen"
],
"organization": "Verizon Media"
}
],
"cve": "CVE-2019-14888",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772464"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14888"
},
{
"category": "external",
"summary": "RHBZ#1772464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
}
],
"release_date": "2020-01-20T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "workaround",
"details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
},
{
"cve": "CVE-2019-14892",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the commons-configuration package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14892"
},
{
"category": "external",
"summary": "RHBZ#1758171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14892"
}
],
"release_date": "2019-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the commons-configuration package"
},
{
"cve": "CVE-2019-14893",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in classes of the xalan package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "RHBZ#1758182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893"
}
],
"release_date": "2019-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Data Grid 7.3.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in classes of the xalan package"
},
{
"cve": "CVE-2019-16335",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1755831"
}
],
"notes": [
{
"category": "description",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nSatellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.5"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16335"
},
{
"category": "external",
"summary": "RHBZ#1755831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335"
}
],
"release_date": "2019-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-05T13:12:44+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.5 server patch from the customer portal.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.5"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"category": "workaround",
"details": "This vulnerability relies on com.zaxxer.hikari.HikariDataSource being present in the application\u0027s ClassPath. Hikari is not packaged as an RPM for Red Hat Enterprise Linux or Red Hat Software Collections. Applications using jackson-databind that do not also use com.zaxxer.hikari are not impacted by this vulnerability.\n\nA mitigation to this class of problem in jackson-databind is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat Data Grid 7.3.5"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource"
}
]
}
rhsa-2020:4847
Vulnerability from csaf_redhat
Published
2020-11-04 01:39
Modified
2025-02-14 16:58
Summary
Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
Notes
Topic
An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
* pki: Dogtag's python client does not validate certificates (CVE-2020-15720)
* pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)
* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)
* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)
* pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.\n\nSecurity Fix(es):\n\n* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* pki: Dogtag\u0027s python client does not validate certificates (CVE-2020-15720)\n\n* pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page (CVE-2019-10146)\n\n* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab (CVE-2019-10179)\n\n* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)\n\n* pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4847",
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1376706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376706"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1406505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406505"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1666907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666907"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1695901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695901"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1706521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706521"
},
{
"category": "external",
"summary": "1710171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710171"
},
{
"category": "external",
"summary": "1721684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1721684"
},
{
"category": "external",
"summary": "1724433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724433"
},
{
"category": "external",
"summary": "1732565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732565"
},
{
"category": "external",
"summary": "1732981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732981"
},
{
"category": "external",
"summary": "1777579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777579"
},
{
"category": "external",
"summary": "1805541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805541"
},
{
"category": "external",
"summary": "1817247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817247"
},
{
"category": "external",
"summary": "1821851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821851"
},
{
"category": "external",
"summary": "1822246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822246"
},
{
"category": "external",
"summary": "1824939",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824939"
},
{
"category": "external",
"summary": "1824948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824948"
},
{
"category": "external",
"summary": "1825998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825998"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1842734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842734"
},
{
"category": "external",
"summary": "1842736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842736"
},
{
"category": "external",
"summary": "1843537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843537"
},
{
"category": "external",
"summary": "1845447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845447"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "1854043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854043"
},
{
"category": "external",
"summary": "1854959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854959"
},
{
"category": "external",
"summary": "1855273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855273"
},
{
"category": "external",
"summary": "1855319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855319"
},
{
"category": "external",
"summary": "1856368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856368"
},
{
"category": "external",
"summary": "1857933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857933"
},
{
"category": "external",
"summary": "1861911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861911"
},
{
"category": "external",
"summary": "1869893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869893"
},
{
"category": "external",
"summary": "1871064",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871064"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"category": "external",
"summary": "1873235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873235"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4847.json"
}
],
"title": "Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-02-14T16:58:36+00:00",
"generator": {
"date": "2025-02-14T16:58:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.1"
}
},
"id": "RHSA-2020:4847",
"initial_release_date": "2020-11-04T01:39:43+00:00",
"revision_history": [
{
"date": "2020-11-04T01:39:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-04T01:39:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-14T16:58:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-deps:10.6:8030020200527165326:30b713e6",
"product": {
"name": "pki-deps:10.6:8030020200527165326:30b713e6",
"product_id": "pki-deps:10.6:8030020200527165326:30b713e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/pki-deps@10.6:8030020200527165326:30b713e6"
}
}
},
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax-api@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-core@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-runtime@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-txw2@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_id": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_id": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_id": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product": {
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_id": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-json-provider@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_id": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.7.6-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist-javadoc@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_id": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.30-1.module%2Bel8.3.0%2B6730%2B8f9c6254?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_id": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-1.module%2Bel8.3.0%2B6730%2B8f9c6254?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"product_id": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j-jdk14@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-core:10.6:8030020200911215836:5ff1562f",
"product": {
"name": "pki-core:10.6:8030020200911215836:5ff1562f",
"product_id": "pki-core:10.6:8030020200911215836:5ff1562f",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/pki-core@10.6:8030020200911215836:5ff1562f"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_id": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk@4.22.0-1.module%2Bel8.3.0%2B6784%2B6e1e4c62?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product": {
"name": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_id": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk-javadoc@4.22.0-1.module%2Bel8.3.0%2B6784%2B6e1e4c62?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-base@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-base-java@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-ca@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-kra@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-server@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product": {
"name": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_id": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pki@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"product": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"product_id": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcatjss@7.5.0-1.module%2Bel8.3.0%2B7355%2Bc59bcbd9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=src"
}
}
},
{
"category": "product_version",
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"product_id": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"product_id": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_id": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_id": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_id": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.10.0-1.module%2Bel8.2.0%2B5059%2B3eb3af25?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"product": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"product_id": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"product_id": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.7.6-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"product": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"product_id": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-1.module%2Bel8.3.0%2B6730%2B8f9c6254?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"product_id": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"product_id": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=src"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"product": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"product_id": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk@4.22.0-1.module%2Bel8.3.0%2B6784%2B6e1e4c62?arch=src"
}
}
},
{
"category": "product_version",
"name": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"product": {
"name": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"product_id": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"product": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"product_id": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcatjss@7.5.0-1.module%2Bel8.3.0%2B7355%2Bc59bcbd9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.7.3-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_id": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.9.4-1.module%2Bel8.3.0%2B8058%2Bd5cd4219?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
"product_reference": "pki-core:10.6:8030020200911215836:5ff1562f",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch"
},
"product_reference": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src"
},
"product_reference": "ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch"
},
"product_reference": "ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src"
},
"product_reference": "pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64 as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64"
},
"product_reference": "pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch"
},
"product_reference": "python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch"
},
"product_reference": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src as a component of pki-core:10.6:8030020200911215836:5ff1562f as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src"
},
"product_reference": "tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
"product_reference": "pki-deps:10.6:8030020200527165326:30b713e6",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch"
},
"product_reference": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src"
},
"product_reference": "jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch"
},
"product_reference": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src"
},
"product_reference": "jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch"
},
"product_reference": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src"
},
"product_reference": "jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch"
},
"product_reference": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src"
},
"product_reference": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src as a component of pki-deps:10.6:8030020200527165326:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10146",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1710171"
}
],
"notes": [
{
"category": "description",
"text": "A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is considered Low, because it requires the attacker to first request or predict a valid nonce. Without a valid nonce, no arbitrary HTML will be sent back to the victim\u0027s browser.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10146"
},
{
"category": "external",
"summary": "RHBZ#1710171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10146",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10146"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10179",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695901"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10179"
},
{
"category": "external",
"summary": "RHBZ#1695901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10179",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10179"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10221",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-07-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1732565"
}
],
"notes": [
{
"category": "description",
"text": "A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: Reflected XSS in getcookies?url= endpoint in CA",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10221"
},
{
"category": "external",
"summary": "RHBZ#1732565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732565"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10221"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core: Reflected XSS in getcookies?url= endpoint in CA"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1721",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1777579"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery ID during a key recovery request, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: KRA vulnerable to reflected XSS via the getPk12 page",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1721"
},
{
"category": "external",
"summary": "RHBZ#1777579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777579"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1721"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1721",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1721"
}
],
"release_date": "2020-02-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pki-core: KRA vulnerable to reflected XSS via the getPk12 page"
},
{
"acknowledgments": [
{
"names": [
"@ZeddYu"
],
"organization": "Apache Tomcat Security Team"
}
],
"cve": "CVE-2020-1935",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-12-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1806835"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.\n\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1935"
},
{
"category": "external",
"summary": "RHBZ#1806835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
}
],
"release_date": "2020-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "workaround",
"details": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\n\nFor other Red Hat products, either mitigation isn\u0027t available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling"
},
{
"cve": "CVE-2020-1938",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1806398"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1938"
},
{
"category": "external",
"summary": "RHBZ#1806398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
},
{
"category": "external",
"summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
"url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
},
{
"category": "external",
"summary": "https://www.cnvd.org.cn/webinfo/show/5415",
"url": "https://www.cnvd.org.cn/webinfo/show/5415"
},
{
"category": "external",
"summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
"url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "workaround",
"details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"acknowledgments": [
{
"names": [
"Christian Heimes"
]
}
],
"cve": "CVE-2020-15720",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1855273"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PKI, where the dogtag\u0027s pki.client.PKIConnection class disables the python-requests certificate validation. This flaw allows an attacker to intercept a connection between a FreeIPA client and a server, and execute an active Man-in-the-Middle attack. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki: Dogtag\u0027s python client does not validate certificates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In PKI, the pki.client.PKIConnection python class is used by the `pki-server` and `pkispawn` commands. `pki-server` runs locally on the server, thus not subject to a Person in the Middle attack. `pkispawn` may access remote node in decentralized or cloned contexts.\n\nIdentity Management (IPA) command line interface (the vault related sub-commands) may call pki.client.PKIConnection().",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15720"
},
{
"category": "external",
"summary": "RHBZ#1855273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15720"
}
],
"release_date": "2020-06-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pki: Dogtag\u0027s python client does not validate certificates"
},
{
"cve": "CVE-2020-25715",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1891016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pki-core: XSS in the certificate search results",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8.3 (pki-core 10.9.4) contains mitigations that prevents the vulnerability to be exploited. Red Hat Enterprise Linux version 8 prior to 8.3 are vulnerable to this version",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25715"
},
{
"category": "external",
"summary": "RHBZ#1891016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25715",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25715"
}
],
"release_date": "2021-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"category": "workaround",
"details": "Because the cross-site scripting (XSS) attack requires the victim to have their RHCS certificate installed in their web browser to be successful, it is recommended that web browser not hold the keys and that the user use the command line interface (CLI) instead.",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pki-core: XSS in the certificate search results"
},
{
"cve": "CVE-2022-25762",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"discovery_date": "2022-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085304"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be placed in the pool twice. This issue results in subsequent connections using the same object concurrently, which causes data to be potentially returned to the wrong user or application stability issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: request mixup",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25762"
},
{
"category": "external",
"summary": "RHBZ#2085304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085304"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25762"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.76",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.76"
}
],
"release_date": "2022-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:39:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4847"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.src",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch",
"AppStream-8.3.0.GA:pki-core:10.6:8030020200911215836:5ff1562f:tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch",
"AppStream-8.3.0.GA:pki-deps:10.6:8030020200527165326:30b713e6:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: request mixup"
}
]
}
rhsa-2020_3936
Vulnerability from csaf_redhat
Published
2020-09-29 21:12
Modified
2024-11-22 14:43
Summary
Red Hat Security Advisory: ipa security, bug fix, and enhancement update
Notes
Topic
An update for ipa is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)
Security Fix(es):
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)
* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ipa is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.\n\nThe following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3936",
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"category": "external",
"summary": "1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "1404770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404770"
},
{
"category": "external",
"summary": "1545755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545755"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1754902",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1754902"
},
{
"category": "external",
"summary": "1755535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755535"
},
{
"category": "external",
"summary": "1756568",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1756568"
},
{
"category": "external",
"summary": "1758406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758406"
},
{
"category": "external",
"summary": "1769791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769791"
},
{
"category": "external",
"summary": "1771356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771356"
},
{
"category": "external",
"summary": "1780548",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1780548"
},
{
"category": "external",
"summary": "1782587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782587"
},
{
"category": "external",
"summary": "1788718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788718"
},
{
"category": "external",
"summary": "1788907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788907"
},
{
"category": "external",
"summary": "1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "1795890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795890"
},
{
"category": "external",
"summary": "1801791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801791"
},
{
"category": "external",
"summary": "1817886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817886"
},
{
"category": "external",
"summary": "1817918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817918"
},
{
"category": "external",
"summary": "1817919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817919"
},
{
"category": "external",
"summary": "1817922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817922"
},
{
"category": "external",
"summary": "1817923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817923"
},
{
"category": "external",
"summary": "1817927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817927"
},
{
"category": "external",
"summary": "1819725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819725"
},
{
"category": "external",
"summary": "1825829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825829"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1829787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829787"
},
{
"category": "external",
"summary": "1834385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834385"
},
{
"category": "external",
"summary": "1842950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842950"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3936.json"
}
],
"title": "Red Hat Security Advisory: ipa security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T14:43:09+00:00",
"generator": {
"date": "2024-11-22T14:43:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:3936",
"initial_release_date": "2020-09-29T21:12:26+00:00",
"revision_history": [
{
"date": "2020-09-29T21:12:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-09-29T21:12:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:43:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-0:4.6.8-5.el7.src",
"product": {
"name": "ipa-0:4.6.8-5.el7.src",
"product_id": "ipa-0:4.6.8-5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa@4.6.8-5.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-client-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-server-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server@4.6.8-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"product": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"product_id": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-trust-ad@4.6.8-5.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-common-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch",
"product_id": "ipa-client-common-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client-common@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-common-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-common-0:4.6.8-5.el7.noarch",
"product_id": "ipa-common-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-common@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"product_id": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-python-compat@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"product": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"product_id": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ipaclient@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ipalib-0:4.6.8-5.el7.noarch",
"product": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch",
"product_id": "python2-ipalib-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ipalib@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-common-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch",
"product_id": "ipa-server-common-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-common@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"product": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"product_id": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-server-dns@4.6.8-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"product": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"product_id": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-ipaserver@4.6.8-5.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.s390x",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.s390x",
"product_id": "ipa-client-0:4.6.8-5.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.ppc64",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64",
"product_id": "ipa-client-0:4.6.8-5.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "ipa-client-0:4.6.8-5.el7.ppc64le",
"product": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le",
"product_id": "ipa-client-0:4.6.8-5.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-client@4.6.8-5.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"product": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"product_id": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ipa-debuginfo@4.6.8-5.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Server-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-0:4.6.8-5.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-0:4.6.8-5.el7.src"
},
"product_reference": "ipa-0:4.6.8-5.el7.src",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-client-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-client-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-client-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.s390x",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-debuginfo-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-python-compat-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-python-compat-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-common-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-common-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-dns-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch"
},
"product_reference": "ipa-server-dns-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64"
},
"product_reference": "ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaclient-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaclient-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipalib-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipalib-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-ipaserver-0:4.6.8-5.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
},
"product_reference": "python2-ipaserver-0:4.6.8-5.el7.noarch",
"relates_to_product_reference": "7Workstation-7.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2016-11-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1399546"
}
],
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting via cross-domain ajax requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "RHBZ#1399546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
}
],
"release_date": "2015-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting via cross-domain ajax requests"
},
{
"cve": "CVE-2016-10735",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668097"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the data-target attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10735"
},
{
"category": "external",
"summary": "RHBZ#1668097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10735"
}
],
"release_date": "2016-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the data-target attribute"
},
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2018-20676",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668082"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip data-viewport attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20676"
},
{
"category": "external",
"summary": "RHBZ#1668082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip data-viewport attribute"
},
{
"cve": "CVE-2018-20677",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-01-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668089"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim\u0027s Web browser within the security context of the hosting Web site, which can lead to stealing the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the affix configuration target property",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\n\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20677"
},
{
"category": "external",
"summary": "RHBZ#1668089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677"
}
],
"release_date": "2018-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the affix configuration target property"
},
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"acknowledgments": [
{
"names": [
"Pritam Singh"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-1722",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in IPA. When sending a very long password (\u003e= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ipa: No password length restriction leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1722"
},
{
"category": "external",
"summary": "RHBZ#1793071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1722"
}
],
"release_date": "2020-04-14T04:26:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ipa: No password length restriction leads to denial of service"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-29T21:12:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Client-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Client-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Client-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-0:4.6.8-5.el7.src",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7ComputeNode-optional-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7ComputeNode-optional-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7ComputeNode-optional-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-0:4.6.8-5.el7.src",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Server-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Server-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Server-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Server-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Server-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-0:4.6.8-5.el7.src",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-client-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-client-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.ppc64le",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.s390x",
"7Workstation-7.9:ipa-debuginfo-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-python-compat-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:ipa-server-common-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-dns-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:ipa-server-trust-ad-0:4.6.8-5.el7.x86_64",
"7Workstation-7.9:python2-ipaclient-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipalib-0:4.6.8-5.el7.noarch",
"7Workstation-7.9:python2-ipaserver-0:4.6.8-5.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
}
]
}
icsa-18-212-04
Vulnerability from csaf_cisa
Published
2018-07-31 00:00
Modified
2018-07-31 00:00
Summary
AVEVA InTouch Access Anywhere
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of this vulnerability may allow attackers to obtain sensitive information and/or execute Javascript or HTML code.
Critical infrastructure sectors
Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater
Countries/areas deployed
Worldwide
Company headquarters location
United Kingdom
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target this vulnerability.
{
"document": {
"acknowledgments": [
{
"organization": "Google \u0027s Security Team",
"summary": "reporting this vulnerability to AVEVA"
},
{
"organization": "AVEVA",
"summary": "reporting it to NCCIC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability may allow attackers to obtain sensitive information and/or execute Javascript or HTML code.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United Kingdom",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-18-212-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-212-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-212-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-212-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "AVEVA InTouch Access Anywhere",
"tracking": {
"current_release_date": "2018-07-31T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-18-212-04",
"initial_release_date": "2018-07-31T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-07-31T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-18-212-04 AVEVA InTouch Access Anywhere"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 3.0.0",
"product": {
"name": "Vulnerable versions of jQuery are those: prior to Version 3.0.0",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Vulnerable versions of jQuery are those"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2017 Update 2",
"product": {
"name": "InTouch Access Anywhere: 2017 Update 2 and prior",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "InTouch Access Anywhere"
}
],
"category": "vendor",
"name": "AVEVA Software, LLC"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery before Version 3.0.0 is vulnerable to cross-site scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.CVE-2015-9251 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "AVEVA recommends users install update \u201cInTouch Access Anywhere 2017 Update 2b\ufffdor later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://softwaresupportsp.schneider-electric.com/#/producthub/details?id=5061"
},
{
"category": "mitigation",
"details": "AVEVA has published Security Bulletin LFSEC00000126. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
ICSMA-21-187-01
Vulnerability from csaf_cisa
Published
2021-07-06 00:00
Modified
2022-04-05 00:00
Summary
Philips Vue PACS (Update B)
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or affect system data integrity in such a way as to negatively impact the confidentiality, integrity, or availability of the system.
Critical infrastructure sectors
Healthcare and Public Health
Countries/areas deployed
Worldwide
Company headquarters location
Netherlands
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"Antonio Kulhanek"
],
"summary": "reporting CVE-2021-39369 to Philips"
},
{
"organization": "Philips",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or affect system data integrity in such a way as to negatively impact the confidentiality, integrity, or availability of the system.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Healthcare and Public Health",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Netherlands",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSMA-21-187-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsma-21-187-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSMA-21-187-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-187-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Philips Vue PACS (Update B)",
"tracking": {
"current_release_date": "2022-04-05T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSMA-21-187-01",
"initial_release_date": "2021-07-06T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-07-06T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSMA-21-187-01 Philips Vue PACS"
},
{
"date": "2022-01-20T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSMA-21-187-01 Philips Vue PACS (Update A)"
},
{
"date": "2022-04-05T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSMA-21-187-01 Philips Vue PACS (Update B)"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 12.2.x.x",
"product": {
"name": "Vue PACS: Versions 12.2.x.x and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Vue PACS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 12.2.1.5",
"product": {
"name": "Vue Motion: Versions 12.2.1.5 and prior",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Vue Motion"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 12.2.x.x",
"product": {
"name": "Vue MyVue: Versions 12.2.x.x and prior",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Vue MyVue"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 12.2.x.x",
"product": {
"name": "Vue Speech: Versions 12.2.x.x and prior",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Vue Speech"
}
],
"category": "vendor",
"name": "Philips"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1938",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. CVE-2020-1938 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2018-12326",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This vulnerability exists within a third party software component (Redis). CVE-2018-12326 and CVE-2018-11218 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12326"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11218"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2018-11218",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This vulnerability exists within a third party software component (Redis). CVE-2020-4670 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4670"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2020-4670",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"notes": [
{
"category": "summary",
"text": "The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. CVE-2018-8014 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8014"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2018-8014",
"cwe": {
"id": "CWE-324",
"name": "Use of a Key Past its Expiration Date"
},
"notes": [
{
"category": "summary",
"text": "The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. CVE-2021-33020 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33020"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-33020",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. This vulnerability exists within a third party software component (7-Zip). CVE-2018-10115 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10115"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2018-10115",
"cwe": {
"id": "CWE-710",
"name": "Improper Adherence to Coding Standards"
},
"notes": [
{
"category": "summary",
"text": "The software does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. CVE-2021-27501 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27501"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-27501",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. CVE-2021-33018 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33018"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-33018",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "summary",
"text": "The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. CVE-2021-27497 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27497"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-27497",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "Weaknesses in this category is related to a software system\u0027s data integrity components. This vulnerability exists within a third party software component (Oracle Database). CVE-2012-1708 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1708"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2012-1708",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in an output used as a webpage that is served to other users. CVE-2015-9251 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-707",
"name": "Improper Neutralization"
},
"notes": [
{
"category": "summary",
"text": "The product does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. CVE-2021-27493 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27493"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-27493",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"notes": [
{
"category": "summary",
"text": "The software does not properly handle when an input contains Unicode encoding. CVE-2019-9636 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2019-9636",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "summary",
"text": "The product transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. CVE-2021-33024 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33024"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-33024",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. CVE-2021-33022 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-33022",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "summary",
"text": "The VideoStream function allows authenticated users access to files stored outside the web root. CVE-2021-39369 has been assigned to this vulnerability. A CVSS v3 base score of 2.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39369"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
}
]
}
ICSA-18-212-04
Vulnerability from csaf_cisa
Published
2018-07-31 00:00
Modified
2018-07-31 00:00
Summary
AVEVA InTouch Access Anywhere
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of this vulnerability may allow attackers to obtain sensitive information and/or execute Javascript or HTML code.
Critical infrastructure sectors
Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater
Countries/areas deployed
Worldwide
Company headquarters location
United Kingdom
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target this vulnerability.
{
"document": {
"acknowledgments": [
{
"organization": "Google \u0027s Security Team",
"summary": "reporting this vulnerability to AVEVA"
},
{
"organization": "AVEVA",
"summary": "reporting it to NCCIC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability may allow attackers to obtain sensitive information and/or execute Javascript or HTML code.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United Kingdom",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-18-212-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-212-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-212-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-212-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "AVEVA InTouch Access Anywhere",
"tracking": {
"current_release_date": "2018-07-31T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-18-212-04",
"initial_release_date": "2018-07-31T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-07-31T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-18-212-04 AVEVA InTouch Access Anywhere"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 3.0.0",
"product": {
"name": "Vulnerable versions of jQuery are those: prior to Version 3.0.0",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Vulnerable versions of jQuery are those"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2017 Update 2",
"product": {
"name": "InTouch Access Anywhere: 2017 Update 2 and prior",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "InTouch Access Anywhere"
}
],
"category": "vendor",
"name": "AVEVA Software, LLC"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery before Version 3.0.0 is vulnerable to cross-site scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.CVE-2015-9251 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "AVEVA recommends users install update \u201cInTouch Access Anywhere 2017 Update 2b\ufffdor later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://softwaresupportsp.schneider-electric.com/#/producthub/details?id=5061"
},
{
"category": "mitigation",
"details": "AVEVA has published Security Bulletin LFSEC00000126. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
icsa-19-155-01
Vulnerability from csaf_cisa
Published
2019-06-04 00:00
Modified
2019-06-04 00:00
Summary
PHOENIX CONTACT PLCNext AXC F 2152
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow an attacker to decrypt passwords, bypass authentication, and deny service to the device. In addition, these vulnerabilities could interact with third-party vulnerabilities to cause other impacts to integrity, confidentiality, and availability.
Critical infrastructure sectors
Commercial Facilities
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Recommended Practices
NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"Zahra Khani"
],
"organization": "Firmalyzer",
"summary": "reporting some of these vulnerabilities to NCCIC"
},
{
"organization": "OPC Foundation",
"summary": "reporting some of these vulnerabilities to Phoenix Contact"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to decrypt passwords, bypass authentication, and deny service to the device. In addition, these vulnerabilities could interact with third-party vulnerabilities to cause other impacts to integrity, confidentiality, and availability.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-155-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-155-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-155-01 - Web Scraped Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01"
}
],
"title": "PHOENIX CONTACT PLCNext AXC F 2152",
"tracking": {
"current_release_date": "2019-06-04T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-155-01",
"initial_release_date": "2019-06-04T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-06-04T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-155-01 PHOENIX CONTACT PLCNext AXC F 2152"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "2404267 version 1.x",
"product": {
"name": "AXC F 2152: article number 2404267 version 1.x",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "AXC F 2152"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1046568 (Starterkit) version 1.x",
"product": {
"name": "AXC F 2152: article number 1046568 (Starterkit) version 1.x",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "AXC F 2152"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-7559",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "A remote attacker can exploit a server \u0027s private key by sending carefully constructed UserIdentityTokens encrypted with the Basic128Rsa15 security policy. This could allow an attacker to decrypt passwords even if encrypted with another security policy such as Basic256Sha256. CVE-2018-7559 has been assigned to this vulnerability. A CVSS v3 base score of 7.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7559"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-10998",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "An attacker with physical access to the device can manipulate SD card data, which could allow an attacker to bypass the authentication of the device. This device is designed for use in a protected industrial environment with restricted physical access.CVE-2019-10998 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10998"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-10997",
"cwe": {
"id": "CWE-300",
"name": "Channel Accessible by Non-Endpoint"
},
"notes": [
{
"category": "summary",
"text": "An attacker trying to connect to the device using a man-in-the-middle setup may crash the PLC service, resulting in a denial of service condition. The device must then be rebooted, or the PLC service must be restarted manually via Linux shell.CVE-2019-10997 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10997"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-8816",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8816"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9953",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9953"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-8817",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an \u0027[\u0027 character.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8817"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11541",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11541"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11542",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11542"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11543",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11543"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5334",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5334"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5336",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5336"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9841",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "summary",
"text": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9841"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000120",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000120"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5337",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5337"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9843",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9843"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000257",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl\u0027s deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000257"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000122",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000122"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl \u003c 7.20.0 and curl \u003e= 7.60.0.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000301"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000005",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn\u0027t updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000005"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9842",
"cwe": {
"id": "CWE-1335",
"name": "Incorrect Bitwise Shift of Integer"
},
"notes": [
{
"category": "summary",
"text": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9842"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9840",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "summary",
"text": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9840"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9952",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by \"*.com.\"",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9952"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-1247",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1247"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-9023",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9023"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-6301",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6301"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-7141",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7141"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-7444",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7444"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000121",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000121"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000254",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000254"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11108",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11108"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11185",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11185"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3731",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3731"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-9233",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9233"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5335",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5335"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-9022",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000117",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000117"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5388",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5388"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000101",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000101"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000100",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn\u0027t restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl\u0027s redirect protocols with --proto-redir and libcurl\u0027s with CURLOPT_REDIR_PROTOCOLS.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000100"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-7103",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7103"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3738",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3738"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-0737",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0737"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3737",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3737"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-15906",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15906"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3735",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3735"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
icsa-22-097-01
Vulnerability from csaf_cisa
Published
2022-04-07 00:00
Modified
2022-04-07 00:00
Summary
Pepperl+Fuchs WirelessHART-Gateway
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordinating these vulnerabilities with Pepperl+Fuchs"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-097-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-097-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Pepperl+Fuchs WirelessHART-Gateway",
"tracking": {
"current_release_date": "2022-04-07T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-097-01",
"initial_release_date": "2022-04-07T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-04-07T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-097-01 Pepperl+Fuchs WirelessHART-Gateway"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH"
},
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34565",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "The affected product allows active SSH and telnet services with hard-coded credentials.CVE-2021-34565 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34565"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-10707",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "jQuery 3.0.0-rc.1 is vulnerable to a denial-of-service condition due to removing a logic a lowercased attribute names. Any attribute using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.CVE-2016-10707 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10707"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34561",
"cwe": {
"id": "CWE-350",
"name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
},
"notes": [
{
"category": "summary",
"text": "If the application is not externally accessible or uses IP-based access restrictions, attackers can use DNS rebinding to bypass any IP or firewall-based access restrictions by proxying through their target\u0027s browser. This vulnerability only affects Versions 3.0.7 through 3.0.8.CVE-2021-34561 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34561"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-33555",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability only affects Version 3.0.7.CVE-2021-33555 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33555"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2014-6071",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery Version 1.4.2 allows remote attackers to conduct cross-site scripting attacks via vectors related to use of the text method.CVE-2014-6071 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6071"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2012-6708",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 are vulnerable to cross-site scripting attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to deliver a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string.CVE-2012-6708 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6708"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.0.0 are vulnerable to cross-site scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.CVE-2015-9251 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.0.3 and 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0.CVE-2020-11023 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.2 and 3.5.0, passing HTML from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0.CVE-2020-11022 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.4.0, as used in specific products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.CVE-2019-11358 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11358"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 allow cross-site scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.CVE-2020-7656 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7656"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34560",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The affected product contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user\u0027s computer.CVE-2021-34560 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34560"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34564",
"cwe": {
"id": "CWE-315",
"name": "Cleartext Storage of Sensitive Information in a Cookie"
},
"notes": [
{
"category": "summary",
"text": "Cookie stealing vulnerabilities within the application or browser allow an attacker to steal the user\u0027s credentials in Version 3.0.9.CVE-2021-34564 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34564"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34559",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.7 through 3.0.8 have a vulnerability that may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.CVE-2021-34559 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34559"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34562",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Version 3.0.8, it is possible to inject arbitrary JavaScript into the application\u0027s response.CVE-2021-34562 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34562"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2007-2379",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The jQuery framework exchanges data using JavaScript object notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"CVE-2007-2379 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2379"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2011-4969",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.6.3 contain a Cross-site scripting (XSS) vulnerability, which when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.CVE-2011-4969 has been assigned to this vulnerability. A CVSS v3 base score of 4.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34563",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.8 and 3.0.9, the HttpOnly attribute is not set on a cookie, which allows the cookie\u0027s value to be read or set by client-side JavaScript.CVE-2021-34563 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34563"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2013-0169",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue.CVE-2013-0169 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
ICSA-22-097-01
Vulnerability from csaf_cisa
Published
2022-04-07 00:00
Modified
2022-04-07 00:00
Summary
Pepperl+Fuchs WirelessHART-Gateway
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordinating these vulnerabilities with Pepperl+Fuchs"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-097-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-097-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Pepperl+Fuchs WirelessHART-Gateway",
"tracking": {
"current_release_date": "2022-04-07T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-097-01",
"initial_release_date": "2022-04-07T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-04-07T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-097-01 Pepperl+Fuchs WirelessHART-Gateway"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH"
},
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34565",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "The affected product allows active SSH and telnet services with hard-coded credentials.CVE-2021-34565 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34565"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-10707",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "jQuery 3.0.0-rc.1 is vulnerable to a denial-of-service condition due to removing a logic a lowercased attribute names. Any attribute using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.CVE-2016-10707 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10707"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34561",
"cwe": {
"id": "CWE-350",
"name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
},
"notes": [
{
"category": "summary",
"text": "If the application is not externally accessible or uses IP-based access restrictions, attackers can use DNS rebinding to bypass any IP or firewall-based access restrictions by proxying through their target\u0027s browser. This vulnerability only affects Versions 3.0.7 through 3.0.8.CVE-2021-34561 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34561"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-33555",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability only affects Version 3.0.7.CVE-2021-33555 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33555"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2014-6071",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery Version 1.4.2 allows remote attackers to conduct cross-site scripting attacks via vectors related to use of the text method.CVE-2014-6071 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6071"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2012-6708",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 are vulnerable to cross-site scripting attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to deliver a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string.CVE-2012-6708 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6708"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.0.0 are vulnerable to cross-site scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.CVE-2015-9251 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.0.3 and 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0.CVE-2020-11023 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.2 and 3.5.0, passing HTML from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0.CVE-2020-11022 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.4.0, as used in specific products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.CVE-2019-11358 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11358"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 allow cross-site scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.CVE-2020-7656 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7656"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34560",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The affected product contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user\u0027s computer.CVE-2021-34560 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34560"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34564",
"cwe": {
"id": "CWE-315",
"name": "Cleartext Storage of Sensitive Information in a Cookie"
},
"notes": [
{
"category": "summary",
"text": "Cookie stealing vulnerabilities within the application or browser allow an attacker to steal the user\u0027s credentials in Version 3.0.9.CVE-2021-34564 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34564"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34559",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.7 through 3.0.8 have a vulnerability that may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.CVE-2021-34559 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34559"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34562",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Version 3.0.8, it is possible to inject arbitrary JavaScript into the application\u0027s response.CVE-2021-34562 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34562"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2007-2379",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The jQuery framework exchanges data using JavaScript object notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"CVE-2007-2379 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2379"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2011-4969",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.6.3 contain a Cross-site scripting (XSS) vulnerability, which when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.CVE-2011-4969 has been assigned to this vulnerability. A CVSS v3 base score of 4.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34563",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.8 and 3.0.9, the HttpOnly attribute is not set on a cookie, which allows the cookie\u0027s value to be read or set by client-side JavaScript.CVE-2021-34563 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34563"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2013-0169",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue.CVE-2013-0169 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
icsma-21-187-01
Vulnerability from csaf_cisa
Published
2021-07-06 00:00
Modified
2022-04-05 00:00
Summary
Philips Vue PACS (Update B)
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or affect system data integrity in such a way as to negatively impact the confidentiality, integrity, or availability of the system.
Critical infrastructure sectors
Healthcare and Public Health
Countries/areas deployed
Worldwide
Company headquarters location
Netherlands
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"Antonio Kulhanek"
],
"summary": "reporting CVE-2021-39369 to Philips"
},
{
"organization": "Philips",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or affect system data integrity in such a way as to negatively impact the confidentiality, integrity, or availability of the system.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Healthcare and Public Health",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Netherlands",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSMA-21-187-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsma-21-187-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSMA-21-187-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-187-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Philips Vue PACS (Update B)",
"tracking": {
"current_release_date": "2022-04-05T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSMA-21-187-01",
"initial_release_date": "2021-07-06T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-07-06T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSMA-21-187-01 Philips Vue PACS"
},
{
"date": "2022-01-20T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSMA-21-187-01 Philips Vue PACS (Update A)"
},
{
"date": "2022-04-05T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSMA-21-187-01 Philips Vue PACS (Update B)"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 12.2.x.x",
"product": {
"name": "Vue PACS: Versions 12.2.x.x and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Vue PACS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 12.2.1.5",
"product": {
"name": "Vue Motion: Versions 12.2.1.5 and prior",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Vue Motion"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 12.2.x.x",
"product": {
"name": "Vue MyVue: Versions 12.2.x.x and prior",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Vue MyVue"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 12.2.x.x",
"product": {
"name": "Vue Speech: Versions 12.2.x.x and prior",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Vue Speech"
}
],
"category": "vendor",
"name": "Philips"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1938",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. CVE-2020-1938 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2018-12326",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This vulnerability exists within a third party software component (Redis). CVE-2018-12326 and CVE-2018-11218 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12326"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11218"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2018-11218",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This vulnerability exists within a third party software component (Redis). CVE-2020-4670 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4670"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2020-4670",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"notes": [
{
"category": "summary",
"text": "The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. CVE-2018-8014 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8014"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2018-8014",
"cwe": {
"id": "CWE-324",
"name": "Use of a Key Past its Expiration Date"
},
"notes": [
{
"category": "summary",
"text": "The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. CVE-2021-33020 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33020"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-33020",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. This vulnerability exists within a third party software component (7-Zip). CVE-2018-10115 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10115"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2018-10115",
"cwe": {
"id": "CWE-710",
"name": "Improper Adherence to Coding Standards"
},
"notes": [
{
"category": "summary",
"text": "The software does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. CVE-2021-27501 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27501"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-27501",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. CVE-2021-33018 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33018"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-33018",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "summary",
"text": "The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. CVE-2021-27497 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27497"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-27497",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "Weaknesses in this category is related to a software system\u0027s data integrity components. This vulnerability exists within a third party software component (Oracle Database). CVE-2012-1708 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1708"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2012-1708",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in an output used as a webpage that is served to other users. CVE-2015-9251 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-707",
"name": "Improper Neutralization"
},
"notes": [
{
"category": "summary",
"text": "The product does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. CVE-2021-27493 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27493"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-27493",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"notes": [
{
"category": "summary",
"text": "The software does not properly handle when an input contains Unicode encoding. CVE-2019-9636 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2019-9636",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "summary",
"text": "The product transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. CVE-2021-33024 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33024"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-33024",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. CVE-2021-33022 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2021-33022",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "summary",
"text": "The VideoStream function allows authenticated users access to files stored outside the web root. CVE-2021-39369 has been assigned to this vulnerability. A CVSS v3 base score of 2.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39369"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips recommends configuring the Vue PACS environment per D000763414 - Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://incenter.medical.philips.com/"
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for MyVue that remediates CWE-693 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.1.5 in June of 2020 for Vue Motion that remediates CWE-324 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for Speech that remediates CWE-693, CWE-319, CWE-119, CWE-287, and CWE-1214 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.0 in May of 2021 for PACS that remediates CWE-20, CWE-119, CWE-287 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips released a security fix for Speech in Nov 2021 that remediates CWE-665 and CWE-327 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Philips released version 12.2.1.6 in December 2021 for VuePAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration that remediates CWE-23.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for MyVue that remediates CWE-665 and CWE-710 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Philips released Version 12.2.8.100 in Q1 / 2022 for PACS that remediates CWE-79, CWE-693, CWE-665, CWE-1188, CWE-327, CWE-176, CWE-522, CWE-710, and CWE-707 and recommends contacting support below.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Philips will release a fix for PACS that remediates CWE-522 with low score of 3.7 in Q3 2023.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://eservice.philips.com/Account/Login?returnUrl=%2F"
},
{
"category": "vendor_fix",
"details": "The Philips advisory is available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest security information for Philips products.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
}
]
}
ICSA-19-155-01
Vulnerability from csaf_cisa
Published
2019-06-04 00:00
Modified
2019-06-04 00:00
Summary
PHOENIX CONTACT PLCNext AXC F 2152
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow an attacker to decrypt passwords, bypass authentication, and deny service to the device. In addition, these vulnerabilities could interact with third-party vulnerabilities to cause other impacts to integrity, confidentiality, and availability.
Critical infrastructure sectors
Commercial Facilities
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Recommended Practices
NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"Zahra Khani"
],
"organization": "Firmalyzer",
"summary": "reporting some of these vulnerabilities to NCCIC"
},
{
"organization": "OPC Foundation",
"summary": "reporting some of these vulnerabilities to Phoenix Contact"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to decrypt passwords, bypass authentication, and deny service to the device. In addition, these vulnerabilities could interact with third-party vulnerabilities to cause other impacts to integrity, confidentiality, and availability.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-155-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-155-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-155-01 - Web Scraped Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01"
}
],
"title": "PHOENIX CONTACT PLCNext AXC F 2152",
"tracking": {
"current_release_date": "2019-06-04T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-155-01",
"initial_release_date": "2019-06-04T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-06-04T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-155-01 PHOENIX CONTACT PLCNext AXC F 2152"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "2404267 version 1.x",
"product": {
"name": "AXC F 2152: article number 2404267 version 1.x",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "AXC F 2152"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1046568 (Starterkit) version 1.x",
"product": {
"name": "AXC F 2152: article number 1046568 (Starterkit) version 1.x",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "AXC F 2152"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-7559",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "A remote attacker can exploit a server \u0027s private key by sending carefully constructed UserIdentityTokens encrypted with the Basic128Rsa15 security policy. This could allow an attacker to decrypt passwords even if encrypted with another security policy such as Basic256Sha256. CVE-2018-7559 has been assigned to this vulnerability. A CVSS v3 base score of 7.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7559"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-10998",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "An attacker with physical access to the device can manipulate SD card data, which could allow an attacker to bypass the authentication of the device. This device is designed for use in a protected industrial environment with restricted physical access.CVE-2019-10998 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10998"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-10997",
"cwe": {
"id": "CWE-300",
"name": "Channel Accessible by Non-Endpoint"
},
"notes": [
{
"category": "summary",
"text": "An attacker trying to connect to the device using a man-in-the-middle setup may crash the PLC service, resulting in a denial of service condition. The device must then be rebooted, or the PLC service must be restarted manually via Linux shell.CVE-2019-10997 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10997"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-8816",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8816"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9953",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9953"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-8817",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an \u0027[\u0027 character.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8817"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11541",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11541"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11542",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11542"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11543",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11543"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5334",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5334"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5336",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5336"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9841",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "summary",
"text": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9841"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000120",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000120"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5337",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5337"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9843",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9843"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000257",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl\u0027s deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000257"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000122",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000122"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl \u003c 7.20.0 and curl \u003e= 7.60.0.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000301"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000005",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn\u0027t updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000005"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9842",
"cwe": {
"id": "CWE-1335",
"name": "Incorrect Bitwise Shift of Integer"
},
"notes": [
{
"category": "summary",
"text": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9842"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9840",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "summary",
"text": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9840"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9952",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by \"*.com.\"",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9952"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-1247",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1247"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-9023",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9023"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-6301",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6301"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-7141",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7141"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-7444",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7444"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000121",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000121"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000254",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000254"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11108",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11108"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11185",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11185"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3731",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3731"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-9233",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9233"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5335",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5335"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-9022",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000117",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000117"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5388",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5388"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000101",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000101"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000100",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn\u0027t restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl\u0027s redirect protocols with --proto-redir and libcurl\u0027s with CURLOPT_REDIR_PROTOCOLS.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000100"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-7103",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7103"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3738",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3738"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-0737",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0737"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3737",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3737"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-15906",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15906"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3735",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3735"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
fkie_cve-2015-9251
Vulnerability from fkie_nvd
Published
2018-01-18 23:29
Modified
2024-11-21 02:40
Severity ?
Summary
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD7C3A9-7A77-4553-9893-D16D9FDC84AB",
"versionEndExcluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "900D2344-5160-42A0-8C49-36DBC7FF3D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3DF1971-3FD9-4954-AF2D-DDA0B24B89CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "013043A2-0765-4AF5-ABFC-6A8960FFBFD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B887E174-57AB-449D-AEE4-82DD1A3E5C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C510CE66-DD71-45C8-B678-9BD81EC7FFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0A211C-7C3D-46AE-B525-890A9194C422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AD7C68-81DF-4332-AEB3-B368E0221F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77120A3C-9A48-45FC-A620-5072AF325ACF",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BED45FB9-410F-4FC6-ACEB-49476F1C50BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D03A8C9-35A5-4B75-9711-7A4A60457307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "835BFCBC-848C-4A2C-BDE7-3D94CEC3F5D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1B7A35-B332-476E-A676-C2CD4D72FA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA",
"versionEndIncluding": "7.3.5",
"versionStartIncluding": "7.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47E1F95E-A3A5-4996-B951-0F946CB11210",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "703DA91D-3440-4C67-AA20-78F71B1376DD",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E05211-8415-42FB-9B93-959EB03B090B",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC15899F-8528-4D10-8CD5-F67121D7F293",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30657F1B-D1FC-4EE6-9854-18993294A01D",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E376C9FB-1870-4B4E-8D69-02A70C0A041C",
"versionEndIncluding": "8.0.6",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6C521C-F104-4E26-82F2-6F63F94108BC",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "402B8642-7ACC-4F42-87A9-AB4D3B581751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6D5112-4055-4F89-A5B3-0DCB109481B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3830C0-2B9F-41BD-94C9-E3718467A1AC",
"versionEndIncluding": "8.0.6",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6D027285-07C1-4B3A-AB54-4426C16E236A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3831F35C-DED2-4E40-AA94-1512E106BFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06E586B3-3434-4B08-8BE3-16C528642CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C36C520-B5F5-45F1-B55F-62859CDA012E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EAAFF95-000C-4D78-98FF-9EDE9D966A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "03C46CCD-B49F-405A-A0A0-E0DFBA60F0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC63D10-2326-4542-B345-31D45B9A7408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D76453B-95AF-4AC4-8096-7D117F69B45B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE3671B-EB36-490A-BA70-575FCA332B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E03A631E-253A-4C56-9986-97F86C323482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7506589-9B3B-49BA-B826-774BFDCC45B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "042C243F-EDFE-4A04-AB0B-26E73CC34837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A81D092-FC04-4B7D-83FB-58D402B5EF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
"matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8249A74-C34A-4F66-8F11-F7F50F8813BF",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A108B4EF-768F-4118-86B5-C0D9CDDE6A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "686D4323-4B05-4B92-B598-594A31F937C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "788F2530-F011-4489-8029-B3468BAF7787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68B5147A-F6A3-499E-815D-6DAABDA33B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*",
"matchCriteriaId": "26C5CF80-8CFF-44D9-B3ED-C259847E9C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*",
"matchCriteriaId": "569644AC-69AD-412D-B399-4052D4DB2928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70BEF219-45EC-4A53-A815-42FBE20FC300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFFBA49-F340-4A3D-BE8C-73213A669855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B491FB70-B6FC-4063-BE00-CAD664B39055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70E13C38-9FC3-46BD-B9A4-1033C98C19D3",
"versionEndIncluding": "4.3.0.4",
"versionStartIncluding": "4.3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1E1CA5-D443-4C5D-8F43-550106FFE3DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB4709C-6373-43CC-918C-876A6569865A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F745235C-55A9-4353-A4CB-4B7834BDD63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
},
{
"lang": "es",
"value": "jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petici\u00f3n Ajax de dominios cruzados sin la opci\u00f3n dataType. Esto provoca que se ejecuten respuestas de texto/javascript."
}
],
"id": "CVE-2015-9251",
"lastModified": "2024-11-21T02:40:09.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-18T23:29:00.307",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105658"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
},
{
"source": "cve@mitre.org",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/tns-2019-08"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
wid-sec-w-2023-0239
Vulnerability from csaf_certbund
Published
2023-01-31 23:00
Modified
2024-02-28 23:00
Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0239 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0239.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0239 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0239"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0552 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0553 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0554 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0556 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0560 vom 2023-02-08",
"url": "https://access.redhat.com/errata/RHSA-2023:0560"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0713 vom 2023-02-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0713"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1044"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1043"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1045"
},
{
"category": "external",
"summary": "F5 Security Advisory K48382137 vom 2023-04-21",
"url": "https://my.f5.com/manage/s/article/K48382137"
},
{
"category": "external",
"summary": "F5 Security Advisory K05380109 vom 2023-04-20",
"url": "https://my.f5.com/manage/s/article/K05380109"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3223 vom 2023-05-18",
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
},
{
"category": "external",
"summary": "Hitachi Software Vulnerability Information hitachi-sec-2023-116 vom 2023-05-23",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-116/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4983 vom 2023-09-05",
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-143 vom 2023-10-03",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-143/index.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
"url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-28T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:42:48.458+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0239",
"initial_release_date": "2023-01-31T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-31T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-02-08T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-01T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-04-20T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-22T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2023-09-05T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2023-12-26T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-02-28T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c Common Services 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003c Common Services 10.9.3-00",
"product_id": "T030195"
}
}
],
"category": "product_name",
"name": "Ops Center"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Streams \u003c 2.4.0",
"product": {
"name": "Red Hat JBoss A-MQ Streams \u003c 2.4.0",
"product_id": "T027764"
}
}
],
"category": "product_name",
"name": "JBoss A-MQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 7.4.9",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c 7.4.9",
"product_id": "T026073"
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "container platform 4.0.51",
"product": {
"name": "Red Hat OpenShift container platform 4.0.51",
"product_id": "T026183",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.0.51"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2016-10735",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2016-10735"
},
{
"cve": "CVE-2017-18214",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2017-18214"
},
{
"cve": "CVE-2018-14040",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2018-14040"
},
{
"cve": "CVE-2018-14041",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2018-14041"
},
{
"cve": "CVE-2018-14042",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2018-14042"
},
{
"cve": "CVE-2019-11358",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2019-8331",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2019-8331"
},
{
"cve": "CVE-2020-11022",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2022-3143",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-3143"
},
{
"cve": "CVE-2022-40149",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-40149"
},
{
"cve": "CVE-2022-40150",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-40150"
},
{
"cve": "CVE-2022-40152",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-45047",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-45047"
},
{
"cve": "CVE-2022-45693",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-45693"
},
{
"cve": "CVE-2022-46364",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-46364"
}
]
}
WID-SEC-W-2023-0239
Vulnerability from csaf_certbund
Published
2023-01-31 23:00
Modified
2024-02-28 23:00
Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0239 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0239.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0239 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0239"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0552 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0553 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0554 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0556 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0560 vom 2023-02-08",
"url": "https://access.redhat.com/errata/RHSA-2023:0560"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0713 vom 2023-02-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0713"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1044"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1043"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1045"
},
{
"category": "external",
"summary": "F5 Security Advisory K48382137 vom 2023-04-21",
"url": "https://my.f5.com/manage/s/article/K48382137"
},
{
"category": "external",
"summary": "F5 Security Advisory K05380109 vom 2023-04-20",
"url": "https://my.f5.com/manage/s/article/K05380109"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3223 vom 2023-05-18",
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
},
{
"category": "external",
"summary": "Hitachi Software Vulnerability Information hitachi-sec-2023-116 vom 2023-05-23",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-116/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4983 vom 2023-09-05",
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-143 vom 2023-10-03",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-143/index.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
"url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-28T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:42:48.458+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0239",
"initial_release_date": "2023-01-31T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-31T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-02-08T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-01T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-04-20T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-22T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2023-09-05T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2023-12-26T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-02-28T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c Common Services 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003c Common Services 10.9.3-00",
"product_id": "T030195"
}
}
],
"category": "product_name",
"name": "Ops Center"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Streams \u003c 2.4.0",
"product": {
"name": "Red Hat JBoss A-MQ Streams \u003c 2.4.0",
"product_id": "T027764"
}
}
],
"category": "product_name",
"name": "JBoss A-MQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 7.4.9",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c 7.4.9",
"product_id": "T026073"
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "container platform 4.0.51",
"product": {
"name": "Red Hat OpenShift container platform 4.0.51",
"product_id": "T026183",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.0.51"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2016-10735",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2016-10735"
},
{
"cve": "CVE-2017-18214",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2017-18214"
},
{
"cve": "CVE-2018-14040",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2018-14040"
},
{
"cve": "CVE-2018-14041",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2018-14041"
},
{
"cve": "CVE-2018-14042",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2018-14042"
},
{
"cve": "CVE-2019-11358",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2019-8331",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2019-8331"
},
{
"cve": "CVE-2020-11022",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2022-3143",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-3143"
},
{
"cve": "CVE-2022-40149",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-40149"
},
{
"cve": "CVE-2022-40150",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-40150"
},
{
"cve": "CVE-2022-40152",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-45047",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-45047"
},
{
"cve": "CVE-2022-45693",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-45693"
},
{
"cve": "CVE-2022-46364",
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform existieren mehrere Schwachstellen. Diese bestehen aufgrund von Fehlern in verschiedenen Komponenten. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T026183",
"67646",
"T001663",
"T027764",
"T030195",
"T017562"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-46364"
}
]
}
wid-sec-w-2024-1682
Vulnerability from csaf_certbund
Published
2019-04-16 22:00
Modified
2024-07-21 22:00
Summary
Oracle Retail Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Retail Allocation ist ein Verwaltungswerkzeug.
Oracle MICROS bietet eine Reihe von Software, Hardware und Dienstleistungen zusammen mit schnell wachsenden Cloud Lösungen für Abrechnung und Verwaltung in Unternehmen des Hotel- und Gaststättengewerbes, Reiseveranstalter und Veranstaltern von Kreuzfahrten sowie in Unternehmen der Freizeit- und Unterhaltungsbranche.
Oracle Invoice Matching ist ein Tool zum Verwalten von Lieferantenrechnungen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um dadurch die Integrität, Vertraulichkeit und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Retail Allocation ist ein Verwaltungswerkzeug.\r\nOracle MICROS bietet eine Reihe von Software, Hardware und Dienstleistungen zusammen mit schnell wachsenden Cloud L\u00f6sungen f\u00fcr Abrechnung und Verwaltung in Unternehmen des Hotel- und Gastst\u00e4ttengewerbes, Reiseveranstalter und Veranstaltern von Kreuzfahrten sowie in Unternehmen der Freizeit- und Unterhaltungsbranche.\r\nOracle Invoice Matching ist ein Tool zum Verwalten von Lieferantenrechnungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1682 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-1682.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1682 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1682"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2019 vom 2019-04-16",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixRAPP"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20240719-0002 vom 2024-07-19",
"url": "https://security.netapp.com/advisory/ntap-20240719-0002/"
}
],
"source_lang": "en-US",
"title": "Oracle Retail Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-07-21T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:11:37.885+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1682",
"initial_release_date": "2019-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2019-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-07-21T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von NetApp aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T034125",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "15.0.2",
"product": {
"name": "Oracle Retail Allocation 15.0.2",
"product_id": "T014004",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_allocation:15.0.2"
}
}
}
],
"category": "product_name",
"name": "Retail Allocation"
},
{
"branches": [
{
"category": "product_version",
"name": "12",
"product": {
"name": "Oracle Retail Invoice Matching 12.0",
"product_id": "T001982",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:12.0"
}
}
},
{
"category": "product_version",
"name": "13",
"product": {
"name": "Oracle Retail Invoice Matching 13.0",
"product_id": "T001985",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:13.0"
}
}
},
{
"category": "product_version",
"name": "13.2",
"product": {
"name": "Oracle Retail Invoice Matching 13.2",
"product_id": "T001987",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:13.2"
}
}
},
{
"category": "product_version",
"name": "14",
"product": {
"name": "Oracle Retail Invoice Matching 14.0",
"product_id": "T004005",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:14.0"
}
}
},
{
"category": "product_version",
"name": "13.1",
"product": {
"name": "Oracle Retail Invoice Matching 13.1",
"product_id": "T004011",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:13.1"
}
}
},
{
"category": "product_version",
"name": "15",
"product": {
"name": "Oracle Retail Invoice Matching 15.0",
"product_id": "T012089",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:15.0"
}
}
},
{
"category": "product_version",
"name": "14.1",
"product": {
"name": "Oracle Retail Invoice Matching 14.1",
"product_id": "T014012",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:14.1"
}
}
}
],
"category": "product_name",
"name": "Retail Invoice Matching"
},
{
"branches": [
{
"category": "product_version",
"name": "2.9.5.6",
"product": {
"name": "Oracle Retail MICROS 2.9.5.6",
"product_id": "T014005",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:micros:2.9.5.6"
}
}
},
{
"category": "product_version",
"name": "2.9.5.7",
"product": {
"name": "Oracle Retail MICROS 2.9.5.7",
"product_id": "T014006",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:micros:2.9.5.7"
}
}
},
{
"category": "product_version",
"name": "11.4",
"product": {
"name": "Oracle Retail MICROS 11.4",
"product_id": "T014007",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:micros:11.4"
}
}
},
{
"category": "product_version",
"name": "12.1.2",
"product": {
"name": "Oracle Retail MICROS 12.1.2",
"product_id": "T014008",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:micros:12.1.2"
}
}
}
],
"category": "product_name",
"name": "Retail MICROS"
},
{
"branches": [
{
"category": "product_version",
"name": "1.60.9.0.0",
"product": {
"name": "Oracle Retail Workforce Management 1.60.9.0.0",
"product_id": "T014013",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_workforce_management:1.60.9.0.0"
}
}
}
],
"category": "product_name",
"name": "Retail Workforce Management"
},
{
"branches": [
{
"category": "product_version",
"name": "7",
"product": {
"name": "Oracle Retail Xstore Point of Service 7.0",
"product_id": "T012096",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_point-of-service:7.0"
}
}
},
{
"category": "product_version",
"name": "7.1",
"product": {
"name": "Oracle Retail Xstore Point of Service 7.1",
"product_id": "T012099",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_point-of-service:7.1"
}
}
}
],
"category": "product_name",
"name": "Retail Xstore Point of Service"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9515",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2014-9515"
},
{
"cve": "CVE-2015-9251",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2016-1000031",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2016-1000031"
},
{
"cve": "CVE-2017-5533",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2017-5533"
},
{
"cve": "CVE-2018-1000180",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-1000180"
},
{
"cve": "CVE-2018-1000613",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-1000613"
},
{
"cve": "CVE-2018-11763",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-11763"
},
{
"cve": "CVE-2018-11784",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-11784"
},
{
"cve": "CVE-2018-12022",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-12022"
},
{
"cve": "CVE-2018-12023",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-12023"
},
{
"cve": "CVE-2018-1304",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-1304"
},
{
"cve": "CVE-2018-1305",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-1305"
},
{
"cve": "CVE-2018-14718",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-14718"
},
{
"cve": "CVE-2018-14719",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-14719"
},
{
"cve": "CVE-2018-14720",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-14720"
},
{
"cve": "CVE-2018-14721",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-14721"
},
{
"cve": "CVE-2018-15756",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-15756"
},
{
"cve": "CVE-2018-19360",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-19360"
},
{
"cve": "CVE-2018-19361",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-19361"
},
{
"cve": "CVE-2018-19362",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-19362"
},
{
"cve": "CVE-2018-2880",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-2880"
},
{
"cve": "CVE-2018-3120",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-3120"
},
{
"cve": "CVE-2018-3312",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-3312"
},
{
"cve": "CVE-2018-3314",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-3314"
},
{
"cve": "CVE-2018-7489",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-7489"
},
{
"cve": "CVE-2018-8034",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-8034"
},
{
"cve": "CVE-2019-2424",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2019-2424"
},
{
"cve": "CVE-2019-2558",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2019-2558"
},
{
"cve": "CVE-2019-3772",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2019-3772"
}
]
}
wid-sec-w-2024-1872
Vulnerability from csaf_certbund
Published
2021-07-25 22:00
Modified
2024-08-15 22:00
Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff
Ein entfernter anonymer oder authentifizierter Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder authentifizierter Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1872 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2024-1872.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1872 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1872"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2021-07-25",
"url": "https://www.ibm.com/support/pages/node/6474847"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2021-07-25",
"url": "https://www.ibm.com/support/pages/node/6474843"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7165686 vom 2024-08-16",
"url": "https://www.ibm.com/support/pages/node/7165686"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-08-15T22:00:00.000+00:00",
"generator": {
"date": "2024-08-16T10:07:42.475+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1872",
"initial_release_date": "2021-07-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-07-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-08-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4.3 Patch 1",
"product": {
"name": "IBM QRadar SIEM \u003c7.4.3 Patch 1",
"product_id": "T019825"
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.3 Patch 9",
"product": {
"name": "IBM QRadar SIEM \u003c7.3.3 Patch 9",
"product_id": "T019964"
}
},
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20337",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in IBM QRadar SIEM. Der Fehler besteht aufgrund der Verwendung eines schwachen kryptografischen Algorithmus. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2021-20337"
},
{
"cve": "CVE-2015-9251",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2019-11358",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2020-11022",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2020-11987",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-11987"
},
{
"cve": "CVE-2020-13954",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-13954"
},
{
"cve": "CVE-2020-13956",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2020-8908",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-8908"
},
{
"cve": "CVE-2021-28657",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2021-28657"
}
]
}
gsd-2015-9251
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-9251",
"description": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"id": "GSD-2015-9251",
"references": [
"https://www.suse.com/security/cve/CVE-2015-9251.html",
"https://access.redhat.com/errata/RHSA-2020:4847",
"https://access.redhat.com/errata/RHSA-2020:4670",
"https://access.redhat.com/errata/RHSA-2020:3936",
"https://access.redhat.com/errata/RHSA-2020:0983",
"https://access.redhat.com/errata/RHSA-2020:0729",
"https://access.redhat.com/errata/RHSA-2020:0481",
"https://security.archlinux.org/CVE-2015-9251",
"https://alas.aws.amazon.com/cve/html/CVE-2015-9251.html",
"https://linux.oracle.com/cve/CVE-2015-9251.html",
"https://access.redhat.com/errata/RHSA-2023:0552",
"https://access.redhat.com/errata/RHSA-2023:0553",
"https://access.redhat.com/errata/RHSA-2023:0554",
"https://access.redhat.com/errata/RHSA-2023:0556"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-9251"
],
"details": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"id": "GSD-2015-9251",
"modified": "2023-12-13T01:20:02.841541Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105658"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2020:0481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"name": "RHSA-2020:0729",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"name": "openSUSE-SU-2020:0395",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://github.com/jquery/jquery/issues/2432",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
"refsource": "MISC",
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
},
{
"name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"name": "https://snyk.io/vuln/npm:jquery:20150627",
"refsource": "MISC",
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"name": "https://github.com/jquery/jquery/pull/2588",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
},
{
"name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.tenable.com/security/tns-2019-08",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c4.2.0",
"affected_versions": "All versions before 4.2.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-07-10",
"description": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"fixed_versions": [
"4.2.0"
],
"identifier": "CVE-2015-9251",
"identifiers": [
"GHSA-rmxg-73gg-4p98",
"CVE-2015-9251"
],
"not_impacted": "All versions starting from 4.2.0",
"package_slug": "gem/jquery-rails",
"pubdate": "2018-01-22",
"solution": "Upgrade to version 4.2.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"https://github.com/jquery/jquery/issues/2432",
"https://github.com/jquery/jquery/pull/2588",
"https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614",
"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
"https://access.redhat.com/errata/RHSA-2020:0481",
"https://access.redhat.com/errata/RHSA-2020:0729",
"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E",
"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E",
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E",
"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E",
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E",
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
"https://seclists.org/bugtraq/2019/May/18",
"https://security.netapp.com/advisory/ntap-20210108-0004/",
"https://snyk.io/vuln/npm:jquery:20150627",
"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"https://www.tenable.com/security/tns-2019-08",
"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"http://seclists.org/fulldisclosure/2019/May/10",
"http://seclists.org/fulldisclosure/2019/May/11",
"http://seclists.org/fulldisclosure/2019/May/13",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450227",
"https://github.com/jquery/jquery/issues/2432#issuecomment-403761229",
"https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#420",
"https://github.com/rails/jquery-rails/blob/v4.2.0/vendor/assets/javascripts/jquery3.js#L9377",
"https://web.archive.org/web/20200227030101/http://www.securityfocus.com/bid/105658",
"https://github.com/rails/jquery-rails/releases/tag/v4.2.0",
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2015-9251.yml",
"https://github.com/advisories/GHSA-rmxg-73gg-4p98"
],
"uuid": "5f275e07-0594-420c-b2b9-b85efb7d503b"
},
{
"affected_range": "\u003c6.1.2",
"affected_versions": "All versions before 6.1.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2019-06-10",
"description": "The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing `text/javascript` responses to be executed.",
"fixed_versions": [
"6.1.2"
],
"identifier": "CVE-2015-9251",
"identifiers": [
"CVE-2015-9251"
],
"not_impacted": "All versions starting from 6.1.2",
"package_slug": "gem/rdoc",
"pubdate": "2018-01-18",
"solution": "Upgrade to version 6.1.2 or above",
"title": "Cross-site Scripting",
"urls": [
"https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/"
],
"uuid": "2e2f98c8-8519-47d7-bcc4-744fb59f603f"
},
{
"affected_range": "\u003c3.0.0",
"affected_versions": "All versions before 3.0.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2021-09-17",
"description": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"fixed_versions": [
"3.0.0"
],
"identifier": "CVE-2015-9251",
"identifiers": [
"GHSA-rmxg-73gg-4p98",
"CVE-2015-9251"
],
"not_impacted": "All versions starting from 3.0.0",
"package_slug": "npm/jquery",
"pubdate": "2018-01-22",
"solution": "Upgrade to version 3.0.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"https://github.com/jquery/jquery/issues/2432",
"https://github.com/jquery/jquery/pull/2588",
"https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614",
"https://github.com/advisories/GHSA-rmxg-73gg-4p98",
"https://www.npmjs.com/advisories/328",
"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
"https://access.redhat.com/errata/RHSA-2020:0481",
"https://access.redhat.com/errata/RHSA-2020:0729",
"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E",
"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E",
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E",
"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E",
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E",
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
"https://seclists.org/bugtraq/2019/May/18",
"https://security.netapp.com/advisory/ntap-20210108-0004/",
"https://snyk.io/vuln/npm:jquery:20150627",
"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"https://www.tenable.com/security/tns-2019-08",
"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"http://seclists.org/fulldisclosure/2019/May/10",
"http://seclists.org/fulldisclosure/2019/May/11",
"http://seclists.org/fulldisclosure/2019/May/13",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/105658"
],
"uuid": "24eaef8b-a662-4015-8619-84f1eb756395"
},
{
"affected_range": "(,3.0.0)",
"affected_versions": "All versions before 3.0.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-05-31",
"description": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"fixed_versions": [
"3.0.0"
],
"identifier": "CVE-2015-9251",
"identifiers": [
"GHSA-rmxg-73gg-4p98",
"CVE-2015-9251"
],
"not_impacted": "All versions starting from 3.0.0",
"package_slug": "nuget/jQuery",
"pubdate": "2018-01-22",
"solution": "Upgrade to version 3.0.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
"https://github.com/jquery/jquery/issues/2432",
"https://github.com/jquery/jquery/pull/2588",
"https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614",
"https://github.com/advisories/GHSA-rmxg-73gg-4p98",
"https://www.npmjs.com/advisories/328",
"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
"https://access.redhat.com/errata/RHSA-2020:0481",
"https://access.redhat.com/errata/RHSA-2020:0729",
"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E",
"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E",
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E",
"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E",
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E",
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
"https://seclists.org/bugtraq/2019/May/18",
"https://security.netapp.com/advisory/ntap-20210108-0004/",
"https://snyk.io/vuln/npm:jquery:20150627",
"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"https://www.tenable.com/security/tns-2019-08",
"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"http://seclists.org/fulldisclosure/2019/May/10",
"http://seclists.org/fulldisclosure/2019/May/11",
"http://seclists.org/fulldisclosure/2019/May/13",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/105658",
"https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450227",
"https://github.com/jquery/jquery/issues/2432#issuecomment-403761229"
],
"uuid": "371130be-39cc-46c6-8793-2251235a4bb9"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.5",
"versionStartIncluding": "7.3.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.0.4",
"versionStartIncluding": "4.3.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.6",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.6",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9251"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/npm:jquery:20150627",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"name": "https://github.com/jquery/jquery/pull/2588",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"name": "https://github.com/jquery/jquery/issues/2432",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105658",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105658"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"refsource": "BUGTRAQ",
"tags": [],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-08",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "RHSA-2020:0481",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"name": "RHSA-2020:0729",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "openSUSE-SU-2020:0395",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"refsource": "CONFIRM",
"tags": [],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0004/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2021-01-08T12:15Z",
"publishedDate": "2018-01-18T23:29Z"
}
}
}
var-201801-0036
Vulnerability from variot
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions prior to 3.0.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. Description:
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: ipa security, bug fix, and enhancement update Advisory ID: RHSA-2020:3936-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3936 Issue date: 2020-09-29 CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331 CVE-2019-11358 CVE-2020-1722 CVE-2020-11022 ==================================================================== 1. Summary:
An update for ipa is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)
Security Fix(es):
-
js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
-
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
-
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
-
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)
-
bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
-
bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
-
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1404770 - ID Views: do not allow custom Views for the masters 1545755 - ipa-replica-prepare should not update pki admin password. 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. 1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute 1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701972 - CVE-2019-11358 js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection 1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6 1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client 1756568 - ipa-server-certinstall man page does not match built-in help. 1758406 - KRA authentication fails when IPA CA has custom Subject DN 1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements 1771356 - Default client configuration breaks ssh in FIPS mode. 1780548 - Man page ipa-cacert-manage does not display correctly on RHEL 1782587 - add "systemctl restart sssd" to warning message when adding trust agents to replicas 1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd 1788907 - Renewed certs are not picked up by IPA CAs 1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service 1795890 - ipa-pkinit-manage enable fails on replica if it doesn't host the CA 1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems 1817886 - ipa group-add-member: prevent adding IPA objects as external members 1817918 - Secure tomcat AJP connector 1817919 - Enable compat tree to provide information about AD users and groups on trust agents 1817922 - covscan memory leaks report 1817923 - IPA upgrade is failing with error "Failed to get request: bus, object_path and dbus_interface must not be None." 1817927 - host-add --password logs cleartext userpassword to Apache error log 1819725 - Rebase IPA to latest 4.6.x version 1825829 - ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1829787 - ipa service-del deletes the required principal when specified in lower/upper case 1834385 - Man page syntax issue detected by rpminspect 1842950 - ipa-adtrust-install fails when replica is offline
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
x86_64: ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
x86_64: ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
ppc64: ipa-client-4.6.8-5.el7.ppc64.rpm ipa-debuginfo-4.6.8-5.el7.ppc64.rpm
ppc64le: ipa-client-4.6.8-5.el7.ppc64le.rpm ipa-debuginfo-4.6.8-5.el7.ppc64le.rpm
s390x: ipa-client-4.6.8-5.el7.s390x.rpm ipa-debuginfo-4.6.8-5.el7.s390x.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-9251 https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2018-20676 https://access.redhat.com/security/cve/CVE-2018-20677 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX3Of/9zjgjWX9erEAQjmHBAAi+u4CgMbaduuYvMAMbNKqT/0X8Y02udQ maW4rfZ6udfHWJ21h1VlD/INXHB3sBFC2vpXsgJD7dTkUsZYIx73LrQFkakTzIWc xSQalxNs+Fjh/ot/JMiKQzQUmZeu/vUYgVB81y+hczg5dys3q1mnu42GWe18sJIc FCY2R3mBTnFUZoc/3JDHeVRJU8eq51oqRgNaz+Fl+CoFkR81P6mD8wybIIAsBx14 Ykya/awQf+OuBCe5tqfTV1+KS2U4+tqiqapzALt7dhjfA9Jayc9/UvQjGCyrmGvP +BBBPSqGOS81jpPo0ouM3OtadWrGAWERMwtrR+POUp1rnMxy2kI0EpebnzSOtJy2 xExPZtcTjjgWvIMDdrJJ5DXG6cP5j3GjyvFknmCtCqvXzo90gw73psi6roG+g/a8 UyML+be8jnJK7571X3dz6OCYBExaHqM21ukUEfdvddszhw92J3fxmDm5+picETB9 dZ++VtV1lCBOlKW1SDG/ggk7PeSRGTDL5IkekopO1w89r3QsfqyFudlsNT0dDgk7 8Kzn8YpCWln1Kp0UbVushKRT+KllZRTKzXTBfiEWiYtQiwyL9zj/DrxagXXbiPe7 5mZnk62sAdKya3On4ejgPQ8Nq8oKHzRfaig/CNaNiB00HgZcRdQokPQ9+DRnkdNS UR3S5ZAZvb8=SWQt -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Hello,
I identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable open source dependencies.
Full security write up: http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/
The details:
/ROOT/html/js/scriptaculous/prototype.js
↳ prototypejs 1.5.0 prototypejs 1.5.0 has known vulnerabilities: severity: high; CVE: CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/ http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/
ROOT/assets/3/6/36c22c5d-c813-4869-a4b7-fcc10a74e8b6/fileAsset/jquery.min.js
↳ jquery 1.9.1 jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
ROOT/assets/5/1/515cba4e-ac64-4523-b683-8e38329e7f46/fileAsset/bootstrap.min.js ↳ bootstrap 3.2.0 bootstrap 3.2.0 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of tooltip/popover, CVE: CVE-2019-8331; https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in data-container property of tooltip, CVE: CVE-2018-14042; https://github.com/twbs/bootstrap/issues/20184
ROOT/assets/9/9/99c7ffe7-e1c2-407f-85b7-ec483dbcf6f1/fileAsset/jquery.min.js ↳ jquery 3.3.1 jquery 3.3.1 has known vulnerabilities: severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
ROOT/assets/f/6/f6fa6b13-3a96-4cbf-9a75-19a40137f05a/fileAsset/jquery.min.js
↳ jquery 1.9.1 jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
ROOT/assets/4/a/4a5a727f-369b-49e0-bff5-42d9efb4ba90/fileAsset/jquery-2.1.1.min.js
↳ jquery 2.1.1.min jquery 2.1.1.min has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
ROOT/html/js/dojo/custom-build/dojo/dojo.js
↳ dojo 1.8.6 dojo 1.8.6 has known vulnerabilities: severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released
ROOT/html/js/tinymce/js/tinymce/tinymce.min.js
↳ tinyMCE 4.1.6 tinyMCE 4.1.6 has known vulnerabilities: severity: medium; summary: xss issues with media plugin not properly filtering out some script attributes.; https://www.tinymce.com/docs/changelog/ severity: medium; summary: FIXED so script elements gets removed by default to prevent possible XSS issues in default config implementations; https://www.tinymce.com/docs/changelog/ severity: medium; summary: FIXED so links with xlink:href attributes are filtered correctly to prevent XSS.; https://www.tinymce.com/docs/changelog/ . Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - GSS Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - GSS Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - GSS Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - GSS Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - GSS Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001
7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.3.1"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "business process management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.1"
},
{
"model": "utilities framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.1"
},
{
"model": "retail workforce management software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.64.0"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.3.0"
},
{
"model": "retail invoice matching",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "communications services gatekeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services profitability management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "communications webrtc session controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "financial services asset liability management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"model": "hospitality materials control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "jquery",
"scope": "lt",
"trust": 1.0,
"vendor": "jquery",
"version": "3.0.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "retail allocation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.2"
},
{
"model": "financial services funds transfer pricing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.8.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"model": "financial services reconciliation framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.2.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.10"
},
{
"model": "retail workforce management software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.60.9"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "business process management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5"
},
{
"model": "utilities mobile workforce management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "enterprise operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "business process management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "financial services data integration hub",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services funds transfer pricing",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "fusion middleware mapviewer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "hospitality cruise fleet management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0.11"
},
{
"model": "financial services liquidity risk management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "enterprise operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "financial services profitability management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "financial services liquidity risk management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.0"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "service bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3"
},
{
"model": "service bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "real-time scheduler",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.11"
},
{
"model": "financial services data integration hub",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "utilities framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.4"
},
{
"model": "financial services asset liability management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services reconciliation framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "oss support tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "hospitality reporting and analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.0.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.0.4",
"versionStartIncluding": "4.3.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.6",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.6",
"versionStartIncluding": "8.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.5",
"versionStartIncluding": "7.3.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "156315"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "PACKETSTORM",
"id": "170823"
}
],
"trust": 0.5
},
"cve": "CVE-2015-9251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-87212",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-9251",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-9251",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-87212",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-9251",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "VULMON",
"id": "CVE-2015-9251"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions prior to 3.0.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Public Key Infrastructure (PKI) Core contains fundamental packages\nrequired by Red Hat Certificate System. \n1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA\n1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. Description:\n\nRed Hat Fuse provides a small-footprint, flexible, open source enterprise\nservice bus and integration platform. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: ipa security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:3936-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3936\nIssue date: 2020-09-29\nCVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040\n CVE-2018-14042 CVE-2018-20676 CVE-2018-20677\n CVE-2019-8331 CVE-2019-11358 CVE-2020-1722\n CVE-2020-11022\n====================================================================\n1. Summary:\n\nAn update for ipa is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity\nmanagement, and authorization solution for both traditional and cloud-based\nenterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa\n(4.6.8). (BZ#1819725)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip. (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property\n(CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service\n(CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1404770 - ID Views: do not allow custom Views for the masters\n1545755 - ipa-replica-prepare should not update pki admin password. \n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. \n1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute\n1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1701972 - CVE-2019-11358 js-jquery: prototype pollution in object\u0027s prototype leading to denial of service or remote code execution or property injection\n1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6\n1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client\n1756568 - ipa-server-certinstall man page does not match built-in help. \n1758406 - KRA authentication fails when IPA CA has custom Subject DN\n1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements\n1771356 - Default client configuration breaks ssh in FIPS mode. \n1780548 - Man page ipa-cacert-manage does not display correctly on RHEL\n1782587 - add \"systemctl restart sssd\" to warning message when adding trust agents to replicas\n1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd\n1788907 - Renewed certs are not picked up by IPA CAs\n1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service\n1795890 - ipa-pkinit-manage enable fails on replica if it doesn\u0027t host the CA\n1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -\u003e 7.6 upgrade path as opposed to new RHEL 7.6 systems\n1817886 - ipa group-add-member: prevent adding IPA objects as external members\n1817918 - Secure tomcat AJP connector\n1817919 - Enable compat tree to provide information about AD users and groups on trust agents\n1817922 - covscan memory leaks report\n1817923 - IPA upgrade is failing with error \"Failed to get request: bus, object_path and dbus_interface must not be None.\"\n1817927 - host-add --password logs cleartext userpassword to Apache error log\n1819725 - Rebase IPA to latest 4.6.x version\n1825829 - ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1829787 - ipa service-del deletes the required principal when specified in lower/upper case\n1834385 - Man page syntax issue detected by rpminspect\n1842950 - ipa-adtrust-install fails when replica is offline\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nppc64:\nipa-client-4.6.8-5.el7.ppc64.rpm\nipa-debuginfo-4.6.8-5.el7.ppc64.rpm\n\nppc64le:\nipa-client-4.6.8-5.el7.ppc64le.rpm\nipa-debuginfo-4.6.8-5.el7.ppc64le.rpm\n\ns390x:\nipa-client-4.6.8-5.el7.s390x.rpm\nipa-debuginfo-4.6.8-5.el7.s390x.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-9251\nhttps://access.redhat.com/security/cve/CVE-2016-10735\nhttps://access.redhat.com/security/cve/CVE-2018-14040\nhttps://access.redhat.com/security/cve/CVE-2018-14042\nhttps://access.redhat.com/security/cve/CVE-2018-20676\nhttps://access.redhat.com/security/cve/CVE-2018-20677\nhttps://access.redhat.com/security/cve/CVE-2019-8331\nhttps://access.redhat.com/security/cve/CVE-2019-11358\nhttps://access.redhat.com/security/cve/CVE-2020-1722\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3Of/9zjgjWX9erEAQjmHBAAi+u4CgMbaduuYvMAMbNKqT/0X8Y02udQ\nmaW4rfZ6udfHWJ21h1VlD/INXHB3sBFC2vpXsgJD7dTkUsZYIx73LrQFkakTzIWc\nxSQalxNs+Fjh/ot/JMiKQzQUmZeu/vUYgVB81y+hczg5dys3q1mnu42GWe18sJIc\nFCY2R3mBTnFUZoc/3JDHeVRJU8eq51oqRgNaz+Fl+CoFkR81P6mD8wybIIAsBx14\nYkya/awQf+OuBCe5tqfTV1+KS2U4+tqiqapzALt7dhjfA9Jayc9/UvQjGCyrmGvP\n+BBBPSqGOS81jpPo0ouM3OtadWrGAWERMwtrR+POUp1rnMxy2kI0EpebnzSOtJy2\nxExPZtcTjjgWvIMDdrJJ5DXG6cP5j3GjyvFknmCtCqvXzo90gw73psi6roG+g/a8\nUyML+be8jnJK7571X3dz6OCYBExaHqM21ukUEfdvddszhw92J3fxmDm5+picETB9\ndZ++VtV1lCBOlKW1SDG/ggk7PeSRGTDL5IkekopO1w89r3QsfqyFudlsNT0dDgk7\n8Kzn8YpCWln1Kp0UbVushKRT+KllZRTKzXTBfiEWiYtQiwyL9zj/DrxagXXbiPe7\n5mZnk62sAdKya3On4ejgPQ8Nq8oKHzRfaig/CNaNiB00HgZcRdQokPQ9+DRnkdNS\nUR3S5ZAZvb8=SWQt\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Hello,\n\nI identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable\nopen source dependencies. \n\nFull security write up:\nhttp://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/\n\nThe details:\n\n----\n\n /ROOT/html/js/scriptaculous/prototype.js\n\n\u21b3 prototypejs 1.5.0\nprototypejs 1.5.0 has known vulnerabilities: severity: high; CVE:\nCVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/\nhttp://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/\n\nROOT/assets/3/6/36c22c5d-c813-4869-a4b7-fcc10a74e8b6/fileAsset/jquery.min.js\n\n\u21b3 jquery 1.9.1\njquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432,\nsummary: 3rd party CORS request may execute, CVE: CVE-2015-9251;\nhttps://github.com/jquery/jquery/issues/2432\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: medium; CVE:\nCVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in\nevent handlers; https://bugs.jquery.com/ticket/11974\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: low; CVE:\nCVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,\nBackdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026)\nbecause of Object.prototype pollution;\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\n\nROOT/assets/5/1/515cba4e-ac64-4523-b683-8e38329e7f46/fileAsset/bootstrap.min.js\n\u21b3 bootstrap 3.2.0\nbootstrap 3.2.0 has known vulnerabilities: severity: high; issue: 28236,\nsummary: XSS in data-template, data-content and data-title properties of\ntooltip/popover, CVE: CVE-2019-8331;\nhttps://github.com/twbs/bootstrap/issues/28236 severity: medium; issue:\n20184, summary: XSS in data-target property of scrollspy, CVE:\nCVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity:\nmedium; issue: 20184, summary: XSS in collapse data-parent attribute,\nCVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184\nseverity: medium; issue: 20184, summary: XSS in data-container property\nof tooltip, CVE: CVE-2018-14042;\nhttps://github.com/twbs/bootstrap/issues/20184\n\nROOT/assets/9/9/99c7ffe7-e1c2-407f-85b7-ec483dbcf6f1/fileAsset/jquery.min.js\n\u21b3 jquery 3.3.1\njquery 3.3.1 has known vulnerabilities: severity: low; CVE:\nCVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,\nBackdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026)\nbecause of Object.prototype pollution;\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\n\nROOT/assets/f/6/f6fa6b13-3a96-4cbf-9a75-19a40137f05a/fileAsset/jquery.min.js\n\n\u21b3 jquery 1.9.1\njquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432,\nsummary: 3rd party CORS request may execute, CVE: CVE-2015-9251;\nhttps://github.com/jquery/jquery/issues/2432\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: medium; CVE:\nCVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in\nevent handlers; https://bugs.jquery.com/ticket/11974\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: low; CVE:\nCVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,\nBackdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026)\nbecause of Object.prototype pollution;\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\n\nROOT/assets/4/a/4a5a727f-369b-49e0-bff5-42d9efb4ba90/fileAsset/jquery-2.1.1.min.js\n\n\u21b3 jquery 2.1.1.min\njquery 2.1.1.min has known vulnerabilities: severity: medium; issue:\n2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251;\nhttps://github.com/jquery/jquery/issues/2432\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: medium; CVE:\nCVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in\nevent handlers; https://bugs.jquery.com/ticket/11974\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ severity: low; CVE:\nCVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,\nBackdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026)\nbecause of Object.prototype pollution;\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\n\nROOT/html/js/dojo/custom-build/dojo/dojo.js\n\n\u21b3 dojo 1.8.6\ndojo 1.8.6 has known vulnerabilities: severity: medium; PR: 307;\nhttps://github.com/dojo/dojo/pull/307\nhttps://dojotoolkit.org/blog/dojo-1-14-released\n\nROOT/html/js/tinymce/js/tinymce/tinymce.min.js\n\n\u21b3 tinyMCE 4.1.6\ntinyMCE 4.1.6 has known vulnerabilities: severity: medium; summary: xss\nissues with media plugin not properly filtering out some script\nattributes.; https://www.tinymce.com/docs/changelog/ severity: medium;\nsummary: FIXED so script elements gets removed by default to prevent\npossible XSS issues in default config implementations;\nhttps://www.tinymce.com/docs/changelog/ severity: medium; summary: FIXED\nso links with xlink:href attributes are filtered correctly to prevent\nXSS.; https://www.tinymce.com/docs/changelog/\n. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9251"
},
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "VULMON",
"id": "CVE-2015-9251"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "156315"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "152787"
},
{
"db": "PACKETSTORM",
"id": "153237"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "PACKETSTORM",
"id": "170823"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-9251",
"trust": 1.9
},
{
"db": "PACKETSTORM",
"id": "153237",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "152787",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "156743",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2019-08",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-18-212-04",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA44601",
"trust": 1.1
},
{
"db": "BID",
"id": "105658",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "156315",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159353",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170819",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170823",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159852",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159876",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170821",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156630",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201801-798",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-98926",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-87212",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-9251",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "VULMON",
"id": "CVE-2015-9251"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "156315"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "152787"
},
{
"db": "PACKETSTORM",
"id": "153237"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"id": "VAR-201801-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:15:42.081000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200481 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200729 - security advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2015-9251 log"
},
{
"title": "Arch Linux Advisories: [ASA-201910-4] ruby-rdoc: cross-site scripting",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201910-4"
},
{
"title": "Red Hat: CVE-2015-9251",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-9251"
},
{
"title": "Red Hat: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204670 - security advisory"
},
{
"title": "Red Hat: Moderate: ipa security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203936 - security advisory"
},
{
"title": "Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204847 - security advisory"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3101664cb57ad9d937108c187df59ecf"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7dde8d528837d3c0eae28428fd6e703d"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20230556 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20230554 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200983 - security advisory"
},
{
"title": "Amazon Linux 2: ALASRUBY2.6-2023-007",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alasruby2.6-2023-007"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1422",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1422"
},
{
"title": "Arch Linux Advisories: [ASA-201910-5] ruby2.5: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201910-5"
},
{
"title": "IBM: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22fc4d0a2671b6a2b6b740928ccb3e85"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1519",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1519"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-08"
},
{
"title": "Fortinet Security Advisories: FortiSwitch multiple XSS vulnerabilities in the jQuery library",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-18-013"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3823f1edcf270e724f22c0ef0da4007f"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0bf006d622ea4a9435b282864e760566"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c47c09015d1429df4a71453000607351"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/astyn9/vulnerable-jquery-v1.12.2-library "
},
{
"title": "custom-okta-signin-widget",
"trust": 0.1,
"url": "https://github.com/cniesen/custom-okta-signin-widget "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/andrew-healey/canvas-lms-vuln "
},
{
"title": "sheep",
"trust": 0.1,
"url": "https://github.com/flyher/sheep "
},
{
"title": "watchdog",
"trust": 0.1,
"url": "https://github.com/flipkart-incubator/watchdog "
},
{
"title": "watchdog",
"trust": 0.1,
"url": "https://github.com/rohankumardubey/watchdog "
},
{
"title": "oracle-vuln-crawler",
"trust": 0.1,
"url": "https://github.com/zema1/oracle-vuln-crawler "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-9251"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.3,
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2020:0481"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/105658"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/may/18"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44601"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2019/may/13"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2019/may/11"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2019/may/10"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/152787/dotcms-5.1.1-vulnerable-dependencies.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/153237/retirejs-cors-issue-script-execution.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/156743/octobercms-insecure-dependencies.html"
},
{
"trust": 1.1,
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"trust": 1.1,
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"trust": 1.1,
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-212-04"
},
{
"trust": 1.1,
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"trust": 1.1,
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/securitybulletin_lfsec126.pdf"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0729"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3cuser.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3cuser.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3cuser.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3ccommits.roller.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-8331"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-10735"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14041"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://github.com/dojo/dojo/pull/307"
},
{
"trust": 0.2,
"url": "http://research.insecurelabs.org/jquery/test/"
},
{
"trust": 0.2,
"url": "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/"
},
{
"trust": 0.2,
"url": "https://bugs.jquery.com/ticket/11974"
},
{
"trust": 0.2,
"url": "https://dojotoolkit.org/blog/dojo-1-14-released"
},
{
"trust": 0.2,
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"trust": 0.2,
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18214"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14041"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-18214"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3143"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3cuser.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3cuser.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3cuser.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3ccommits.roller.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=securitypatches\u0026version=6.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1722"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20677"
},
{
"trust": 0.1,
"url": "https://github.com/twbs/bootstrap/issues/20184"
},
{
"trust": 0.1,
"url": "http://www.cvedetails.com/cve/cve-2008-7220/"
},
{
"trust": 0.1,
"url": "https://www.tinymce.com/docs/changelog/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-7220"
},
{
"trust": 0.1,
"url": "http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/"
},
{
"trust": 0.1,
"url": "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/"
},
{
"trust": 0.1,
"url": "https://github.com/twbs/bootstrap/issues/28236"
},
{
"trust": 0.1,
"url": "http://bugs.jquery.com/ticket/11290"
},
{
"trust": 0.1,
"url": "http://secureli.com/retirejs-vulnerabilities-identified-with-retirejs/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6708"
},
{
"trust": 0.1,
"url": "http://github.com/eoftedal/retire.js/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0554"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0553"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "156315"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "152787"
},
{
"db": "PACKETSTORM",
"id": "153237"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "VULMON",
"id": "CVE-2015-9251"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "156315"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "152787"
},
{
"db": "PACKETSTORM",
"id": "153237"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-87212"
},
{
"date": "2018-01-18T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9251"
},
{
"date": "2020-11-04T15:29:15",
"db": "PACKETSTORM",
"id": "159852"
},
{
"date": "2020-02-12T18:53:35",
"db": "PACKETSTORM",
"id": "156315"
},
{
"date": "2020-09-30T15:44:20",
"db": "PACKETSTORM",
"id": "159353"
},
{
"date": "2019-05-09T13:33:33",
"db": "PACKETSTORM",
"id": "152787"
},
{
"date": "2019-06-07T16:22:22",
"db": "PACKETSTORM",
"id": "153237"
},
{
"date": "2023-01-31T17:19:24",
"db": "PACKETSTORM",
"id": "170819"
},
{
"date": "2023-01-31T17:26:38",
"db": "PACKETSTORM",
"id": "170823"
},
{
"date": "2018-01-18T23:29:00.307000",
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-87212"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9251"
},
{
"date": "2023-11-07T02:28:57.737000",
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2020-4847-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution, xss, memory leak",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "159353"
}
],
"trust": 0.2
}
}
ghsa-rmxg-73gg-4p98
Vulnerability from github
Published
2018-01-22 13:32
Modified
2021-09-17 18:58
Severity ?
Summary
Cross-Site Scripting (XSS) in jquery
Details
Affected versions of jquery interpret text/javascript responses from cross-origin ajax requests, and automatically execute the contents in jQuery.globalEval, even when the ajax request doesn't contain the dataType option.
Recommendation
Update to version 3.0.0 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jquery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "jQuery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "jQuery"
},
"ranges": [
{
"events": [
{
"introduced": "1.12.3"
},
{
"fixed": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "jquery"
},
"ranges": [
{
"events": [
{
"introduced": "1.12.3"
},
{
"fixed": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "jquery-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars.npm:jquery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars.npm:jquery"
},
"ranges": [
{
"events": [
{
"introduced": "1.12.3"
},
{
"fixed": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-9251"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:55:10Z",
"nvd_published_at": "2018-01-18T23:29:00Z",
"severity": "MODERATE"
},
"details": "Affected versions of `jquery` interpret `text/javascript` responses from cross-origin ajax requests, and automatically execute the contents in `jQuery.globalEval`, even when the ajax request doesn\u0027t contain the `dataType` option.\n\n\n## Recommendation\n\nUpdate to version 3.0.0 or later.",
"id": "GHSA-rmxg-73gg-4p98",
"modified": "2021-09-17T18:58:18Z",
"published": "2018-01-22T13:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/issues/2432#issuecomment-403761229"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210108-0004"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450227"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"type": "WEB",
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227030101/http://www.securityfocus.com/bid/105658"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"type": "PACKAGE",
"url": "https://github.com/jquery/jquery"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#420"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/blob/v4.2.0/vendor/assets/javascripts/jquery3.js#L9377"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/releases/tag/v4.2.0"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2015-9251.yml"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
},
{
"type": "WEB",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cross-Site Scripting (XSS) in jquery"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.